diagram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required validation step (SKILL.md core workflow step 5) invokes scripts/validate_todiagram_schema.py, which by default fetches a remote schema from https://todiagram.com/schemas/todiagram.json via urlopen/curl, meaning the agent will ingest and act on external, potentially untrusted content that can affect validation and downstream behavior.