unavatar-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches avatars and renders content from public third‑party sites (see SKILL.md and providers.md—e.g., instagram.com, github.com, reddit.com and microlink which renders arbitrary URLs), so it ingests untrusted user-generated web content as part of its runtime resolution workflow.