slideshow-producer
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill accepts arbitrary HTTP(S) referenceImageUrls in the required slide manifest and explicitly states in Phase 4 that "Existing
referenceImageUrlscan be used directly" for edit generation (see Phase 4 and the slide-manifest schema/validate-manifest), which means untrusted third-party images/URLs from the open web are consumed and can influence image-generation prompts and outputs.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata