ai-avatar-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md demonstrates sending arbitrary external image URLs (image_urls: ["https://example.com/..."]) to the each::sense API for generation, and references/SSE-EVENTS.md documents web_search_query/web_search_citations events (public URLs) that the agent can execute and consume, so it clearly ingests untrusted third-party content that can influence actions.