multi-chart-draw
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill embeds and exchanges messages with external web editors: assets/architecture.html and charts-output/ai_chat_architecture.html load https://embed.diagrams.net in an iframe, and the README states that the skill uses the GeoGebra Materials API. Both are public third-party sources that may serve user-generated content. Because the skill's runtime both sends to and ingests from them (for example, diagram XML received via postMessage, or materials fetched from the API), untrusted content can influence the skill's processing and any actions it takes afterwards.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The asset HTML pages load and communicate with the external Draw.io embed (https://embed.diagrams.net/?embed=1&ui=atlas&spin=1&proto=json&p=*, with links to https://app.diagrams.net/). The embed is fetched at runtime and executes remote code inside the iframe, and the skill relies on it for DrawIO rendering, so it is a runtime external dependency whose code the skill neither pins nor verifies.
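The exchange both findings describe is a postMessage conversation between the host HTML page and the embed.diagrams.net iframe. As an added example, not code from the multi-chart-draw skill or from diagrams.net, the block below shows the host-page side hardened against the channel half of the problem: an exact event.origin and event.source check so only the embedded frame is trusted, a pinned targetOrigin on outbound messages, and the received XML kept as bounded, opaque data. The event and action names (init, save, export, load), the size ceiling, and the helper names are assumptions about the proto=json protocol, not taken from the audit.

```javascript
// Added example (not code from the multi-chart-draw skill or from diagrams.net):
// a hardened host-page side of the draw.io embed exchange. The host page
// creates the https://embed.diagrams.net iframe, receives JSON-encoded events
// from it via postMessage, and sends actions back. Event/action names below
// ("init", "save", "export", "load") are assumptions about the proto=json
// protocol; substitute the ones your integration actually uses.

const DRAWIO_EMBED_ORIGIN = "https://embed.diagrams.net"; // exact origin, never "*"
const MAX_XML_BYTES = 5 * 1024 * 1024;                     // assumed per-diagram ceiling
const ALLOWED_EVENTS = new Set(["init", "save", "autosave", "export", "exit"]);

// Vet one MessageEvent-like object {origin, source, data} from the embed
// before anything downstream touches it. `expectedSource` is the iframe's
// contentWindow captured when the iframe was created.
// Returns {ok: true, event} or {ok: false, reason}.
function vetDrawioMessage(msg, expectedSource) {
  // 1. Origin: strict equality with the one origin we embedded. Substring
  //    checks such as origin.includes("diagrams.net") are bypassable.
  if (msg.origin !== DRAWIO_EMBED_ORIGIN) return { ok: false, reason: "origin" };

  // 2. Source: the message must come from our iframe, not from some other
  //    window on the same origin (e.g. a popup the page opened).
  if (msg.source !== expectedSource) return { ok: false, reason: "source" };

  // 3. Shape: proto=json messages are JSON strings. Reject non-strings so a
  //    structured-clone object cannot smuggle in something unexpected.
  if (typeof msg.data !== "string") return { ok: false, reason: "type" };
  let event;
  try {
    event = JSON.parse(msg.data);
  } catch (_) {
    return { ok: false, reason: "json" };
  }
  if (!event || typeof event !== "object" || !ALLOWED_EVENTS.has(event.event)) {
    return { ok: false, reason: "event" };
  }

  // 4. Payload: diagram XML is data supplied by a third party. Bound it and
  //    keep it a string; never eval it, assign it to innerHTML, or let it
  //    pick a URL to navigate to. Whatever later parses it (or feeds it to
  //    an LLM) must keep treating it as untrusted input.
  if (event.xml !== undefined &&
      (typeof event.xml !== "string" || event.xml.length > MAX_XML_BYTES)) {
    return { ok: false, reason: "xml" };
  }
  return { ok: true, event };
}

// Send an action to the embed with the target origin pinned. A "*" target
// would hand the diagram to whatever document the iframe has navigated to.
function sendToDrawio(embedWindow, action) {
  embedWindow.postMessage(JSON.stringify(action), DRAWIO_EMBED_ORIGIN);
}

// Browser wire-up (guarded so the module also loads under Node for testing).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const iframe = document.createElement("iframe");
  iframe.src = DRAWIO_EMBED_ORIGIN + "/?embed=1&ui=atlas&spin=1&proto=json";
  document.body.appendChild(iframe);
  window.addEventListener("message", (e) => {
    const r = vetDrawioMessage(e, iframe.contentWindow);
    if (!r.ok) return; // drop silently, or log r.reason for monitoring
    if (r.event.event === "init") {
      sendToDrawio(iframe.contentWindow, { action: "load", xml: "<mxfile/>" });
    } else if (r.event.event === "save") {
      console.log("received diagram xml, bytes:", r.event.xml.length);
    }
  });
}
```

This closes the channel, not the dependency: the code running inside the iframe is still fetched from embed.diagrams.net at runtime, which is exactly what W012 flags. A Content-Security-Policy with `frame-src https://embed.diagrams.net` on the host page at least prevents the page from being redirected to a different embed host, and the handler above ensures that anything the frame says back is treated as untrusted input.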
Audit Metadata