make-figures

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and consume public third‑party assets and templates as part of its workflow (e.g., Visual Abstract sources like Servier Medical Art https://smart.servier.com and NIAID BioArt https://bioart.niaid.nih.gov, the "Refresh / fill workflow" that runs ${CLAUDE_SKILL_DIR}/scripts/fetch_official_templates.sh and the PRISMA template fetch/fill steps in SKILL.md), so external web content is downloaded/read and can materially influence generation and tool decisions.