creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary web article URLs via the content-parser API (see Step 1 "URL (web/article) → Will call content-parser" and the curl to https://api.marswave.ai/openapi/v1/content/extract in Step 5) and also reads URL-based style references (Step 3), then the agent parses and applies that untrusted content as sessionStyle/material that directly influences generation and downstream tool actions (image-gen, TTS), enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to https://api.marswave.ai/openapi/v1/content/extract (and its task polling endpoint) to fetch article/style content which is injected and analyzed to produce sessionStyle and material that directly control the agent's prompts and generation pipeline, so this external URL is a runtime dependency that can influence instructions.