zenmux-image-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 (refresh_references.sh) explicitly re-downloads community prompt cookbooks from public sites (e.g., raw.githubusercontent.com / YouMind-OpenLab) and other external docs, and Step 4 requires the agent to read/grep those community/user-generated prompts and blend them into the optimized prompt that is then used for API calls, so untrusted third-party content is fetched and directly influences tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's refresh_references.sh is run at start-up and re-downloads prompt cookbooks from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/YouMind-OpenLab/awesome-gpt-image-2/...) and documentation from GitHub/developers.openai.com, and those fetched cookbooks are then used at runtime to construct/optimize prompts—meaning remote content can directly control the agent's prompts.