design-website

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly reads prospect data from a user-supplied Google Sheet (see SKILL.md inputs and scripts/read_prospect.py) and uses those untrusted, user-generated fields (description/industry/keywords/etc.) at runtime to drive content generation and Unsplash image queries (scripts/generate_website.py), so third-party sheet content can materially influence behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 02:18 PM