seo-images

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and forwards arbitrary public URLs and web grounding to the generation model (see scripts/generate.sh options --reference, --search, --image-search and the Replicate API fields image_input / google_search), and SKILL.md says "The agent will: Read the article to understand the content" — together showing the agent can ingest untrusted third‑party web content that directly influences prompt construction and API calls.