Skywork-ppt

Warn

Audited by Snyk on Apr 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflows (e.g., workflow_generate.md and workflow_imitate.md) explicitly instruct running scripts/web_search.py to perform web searches against SKYWORK_GATEWAY_URL (open web search results) and distill those public search results into a reference file that is then consumed by scripts/run_ppt_write.py (--reference-file / payload). Untrusted third-party content from the open web is therefore fetched, read, and used to drive generation/editing decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill calls the Skywork backend at https://api-tools.skywork.ai/theme-gateway (via scripts/run_ppt_write.py, scripts/parse_file.py, scripts/upload_files.py, scripts/web_search.py) at runtime and relies on those endpoints to produce streaming instructions, parsed content, template URLs, and the final .pptx download. External responses directly control the generation/editing workflow and are a required runtime dependency.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 3, 2026, 02:44 AM
Issues: 2