category-designer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Workflow Step 1 explicitly instructs the agent to perform a web_search ("best [current_category]") and auto-research competitors (open/public web content) and then read/interpret that market framing to define buying criteria and category strategy, meaning untrusted third-party pages can directly influence the agent's decisions and next actions.