cloudinary-assets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime workflows (SKILL.md and scripts/upload_asset.py) call Cloudinary's Admin and Upload APIs (e.g., list_assets GET /resources, upload endpoints, and auto_tagging on upload), which fetch and process user-generated/untrusted media and metadata from a third-party service and those results are used to decide actions (generate transforms, list/delete assets, produce HTML), so third-party content could indirectly influence agent behavior.