design-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests arbitrary public web pages and image URLs (see references/copy.md Step 2: "Fetch the URL using WebFetch"; references/design.md accepts image URLs; variants.md re-reads the reference image), and that fetched content is parsed and used to extract copy/design tokens which directly guide downstream decisions and code-generation, creating a pathway for indirect prompt injection.