diagrams-kroki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows PlantUML examples that use remote includes (e.g., "!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Context.puml") and directs rendering via an external Kroki server (KROKI_SERVER=https://kroki.io), which means the rendering workflow can fetch and ingest arbitrary public, user-maintained files that could influence generated output and downstream agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill contains PlantUML !include lines that fetch remote code at render time from https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Context.puml and https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml, which are retrieved during runtime and executed as PlantUML definitions/templates, so they are runtime external dependencies that execute remote code.