infographics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's AI script (scripts/generate_infographic_ai.py) explicitly calls Perplexity Sonar Pro via the OpenRouter API in research_topic and web_search to fetch external web/sources and then _enhance_prompt_with_research inserts that raw research content into the generation prompt, so untrusted third‑party web content can directly influence image generation and iterative decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime requests to https://openrouter.ai/api/v1 (OpenRouter) to call the Perplexity Sonar Pro research model and returns text that is directly injected into the generation prompt (via _enhance_prompt_with_research), and the OpenRouter API is required for the skill to run.