pexels-media

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses public, user-generated media and metadata from the Pexels API (e.g., https://api.pexels.com/v1/search and /v1/photos/PHOTO_ID) and even stores the full "api_response" which the agent is expected to read/interpret, exposing it to untrusted third-party content that could carry embedded instructions.