infographic-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 0 research workflow explicitly instructs the agent to fetch and ingest open-web content (e.g., "tavily_extract — if a URL is provided" and "tavily_search '[topic] 2024'") as part of creating the infographic, which exposes the agent to untrusted, public third-party content that can influence subsequent decisions and actions (SKILL.md / README).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs running "cd /tmp && npm install playwright" which fetches and installs Playwright from the npm registry (e.g. https://registry.npmjs.org/playwright) and thus downloads and executes remote code the skill requires to export PNGs.