create-thumbnail
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required Step 2 "Research the Niche" explicitly instructs the agent to perform WebSearch queries and use WebFetch on the top 1–2 external URLs to extract color palettes, archetypes, and typography—i.e., it fetches and ingests untrusted public web content which the agent must read and use to drive design and tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs WebFetch at runtime on the "top 1-2 most relevant URLs" returned by WebSearch (i.e., arbitrary external URLs fetched via WebFetch / WebSearch results), and those fetched pages are parsed and injected into the agent's design decisions—meaning external web content directly controls the agent's prompts/behavior.
Issues (2)
W011 — MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 — MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata