openrouter-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted public content: multiple required workflows and examples (e.g., Quick Start Vision example and reference/multimodal.md's analyze_multiple_images and PDF/image URL usage which pass arbitrary HTTP image/PDF URLs like "https://example.com/chart.png" or user-provided image URLs into the LLM) so the agent will read/interpret third‑party web-hosted content that can materially influence its reasoning and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the OpenRouter API (https://openrouter.ai/api/v1) and uses model responses (e.g., supervisor_llm.invoke routing prompts and auto-routing) to directly control agent routing/behavior, so external content from that URL influences agent instructions.