build-photo-editor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The workflow instructs the agent to fetch public web content at runtime from https://banuba.com/ve-pe-sdk/llms-full.txt and then use it to generate code, which is outsider-authored free text ingested into the agent’s LLM context via the “Fetch and search docs” step.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires retrieving the external reference at runtime (https://banuba.com/ve-pe-sdk/llms-full.txt) and mandates that all generated code be grounded in that fetched content, so this URL is a required runtime dependency that directly controls the agent's prompts/instructions.