oma-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's resources/prompt-tips.md explicitly instruct the agent to fetch public GitHub README prompt libraries (e.g., YouMind-OpenLab/awesome-nano-banana-pro-prompts) via gh api and "internalize the pattern" to compose amplified prompts, so untrusted, user-generated third-party content is read and can directly influence prompt construction and downstream provider calls.