muapi-color-analysis-board

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill requires a user-supplied person_image (Inputs table: person_image as image_url) and explicitly passes that arbitrary image URL into the muapi image edit step (Phase A — Reference Image: {{person_image}}), so the agent ingests untrusted third‑party image content which directly shapes analysis and generation and could enable indirect injection via that content.