subtoken-imagegen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill makes HTTP requests to the external Subtoken API (https://subtoken.vip/v1) and follows image URLs returned by that API, and the script/README explicitly reads and surfaces response fields such as data[0].revised_prompt (scripts/generate_image.py and SKILL.md), meaning untrusted third-party content can be ingested and could influence subsequent agent behavior.