api-reference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly accepts and ingests arbitrary HTTPS asset URLs (e.g., promptImage/referenceImage) and user-created documents via POST /v1/documents which can be linked to an Avatar (Documents and Characters/Avatars sections), meaning untrusted third‑party content is read and used as knowledge/inputs that can influence generation and avatar behavior, enabling indirect prompt injection.