world-class-carousel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md/README explicitly instructs the agent to fetch and ingest public web content (e.g., "use Creative Commons photos from Flickr, Wikimedia", "capture browser screenshots for any real tools/products/news referenced", and the Real-Face Hook Pipeline using Flickr/Wikimedia URLs and base64 uploads to /api/v1/images/generations), so the agent will read and interpret untrusted, user-generated third‑party content as part of its workflow — content that could materially influence image generation, slide composition, and downstream actions.