notemdpro-mermaid-healer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly extracts arbitrary Mermaid blocks from input markdown and (per SKILL.md and the llmHealMermaid code) sends the raw block plus parser error to an LLM via llmCall to "fix" the diagram, which exposes the agent to untrusted/user-generated content that could contain embedded instructions and enable indirect prompt injection.