animated-message-composer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests user-provided, untrusted images (see "Working with User-Uploaded Images" / "Note on user uploads" and the Image.open('file.png') example), which the agent is expected to load and interpret as part of its workflow, exposing it to third-party content that could carry indirect prompt-injection payloads.