infographics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs automatic web research using Perplexity Sonar Pro (see SKILL.md "Research Integration" and scripts/generate_infographic_ai.py: research_topic and web_search) and then automatically incorporates the returned, public/web-sourced research content into the generation prompt (_enhance_prompt_with_research), so untrusted third‑party web content is fetched and directly influences the agent's prompting and decision to regenerate—exposing it to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime calls to the OpenRouter API (https://openrouter.ai/api/v1/chat/completions) — including invoking the "perplexity/sonar-pro" research model and Gemini models — and it directly injects the returned research/model content into the generation prompt (and requires OPENROUTER_API_KEY), so this external URL can control agent prompts at runtime.