vibe-slides

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly creates brand themes by fetching and extracting identity from arbitrary company URLs (POST /v1/themes {brand_url}) and the linkedin-deck script accepts LinkedIn/company URLs and "always try to find the company website", so it ingests and interprets untrusted public web content as part of its workflow.