powerpoint-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public web content (e.g., "From Web Article" in SKILL.md and the Purpose: Blog to Presentation instructions which state "Fetch article content (API or fetch_webpage)" and extract/download images), so the agent will read and act on untrusted user-generated web articles (Zenn/Qiita/other URLs) as part of its EXTRACT→TRANSLATE→BUILD workflow, letting third-party page content materially influence generation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's EXTRACT flow fetches web articles at runtime (e.g., https://zenn.dev/example/articles/azure-copilot-guide) to build content.json which is injected into the agent's context and thus directly controls prompts, so this runtime external fetch is a risky dependency.