pma-draw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md core workflow explicitly tells the agent to "look up actual specs, endpoints, event names, and data formats before writing JSON" (Step 1), and the integration docs (references/integration.md) describe loading diagram JSON via arbitrary src URLs and a server-rendered SVG endpoint that fetches public .rfd.json files — together these require ingesting untrusted public web content which the agent is expected to read and that can materially influence diagram generation and subsequent actions.