multi-chart-draw

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly embeds and interacts with third-party web services (e.g., the DrawIO iframe loading https://embed.diagrams.net in assets/architecture.html and the stated use of the GeoGebra Materials API in the README/references), which can load/display/ingest public, user-generated content that the skill processes or displays as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill includes HTML assets that at runtime load and post messages to the external Draw.io editor (e.g. https://embed.diagrams.net and https://app.diagrams.net/), which executes remote code in the client and is relied on for interactive DrawIO rendering.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:41 AM