myreels-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches live model metadata and task data from the public MyReels API (e.g., GET https://api.myreels.ai/api/v1/models/api referenced in SKILL.md and implemented in scripts/myreels-models.sh and myreels-task-get.sh), and the agent is required to read the returned userInputSchema and task responses to build requests and decide next actions, so untrusted third-party content can materially influence tool use.