design-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests open/public pages and live brand URLs (see references/copy.md Step 2 "Full-page URL" and references/inputs.md A1 "Brand URL or live site") and then reads/interprets that untrusted content to extract design tokens and structure which can be committed back (see references/inputs.md Step 4/5 and references/preview.md creative-range commits), so third‑party content can materially influence tool use and decisions.