venice-characters

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL fetches published Venice characters and public reviews via the GET /characters and GET /characters/{slug} endpoints (see SKILL.md) and explicitly states that "The character's system prompt is injected by Venice" when applied via venice_parameters.character_slug, allowing untrusted third‑party persona content to directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Calls to the Venice API (e.g., https://api.venice.ai/api/v1/characters and https://api.venice.ai/api/v1/characters/{slug}) are made at runtime and Venice returns a character's system prompt which is injected into chats via venice_parameters.character_slug, so remote content directly controls the agent's instructions.