extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly crawls and renders arbitrary public websites supplied via the required (see SKILL.md Inputs and "Phase 1 — Discovery" which fetches /sitemap.xml and robots.txt and runs a same-origin BFS) and then ingests page content via Playwright in Phase 2 to build the brand-surface and seed PRODUCT.md / DESIGN.md and the brand-review (Phase 3–5), so untrusted third‑party content is read and can materially influence downstream decisions and tool actions.