plantuml-syntax
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill includes external PlantUML includes from a public GitHub URL (see references/c4.md: "!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Context.puml"), which causes the agent/runtime to fetch and interpret untrusted third-party content as part of diagram generation.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The C4 examples use PlantUML’s runtime !include to fetch and execute remote PlantUML definitions from URLs like https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Context.puml (and the related C4_Container.puml and C4_Component.puml), which are fetched at render time and directly inject/execute external code required for C4 diagrams.