infographic-creation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's resource loader fetches SVGs from public third-party endpoints (api.iconify.design and raw.githubusercontent.com/unDraw) based on user-provided icon/illus names, causing the agent to ingest and load untrusted external content at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The generated HTML explicitly loads and executes remote JavaScript at runtime from https://unpkg.com/@antv/infographic@latest/dist/infographic.min.js, which is a required runtime dependency for rendering and therefore executes remote code.