newsletter-designer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required Phase 1 "Brand Extraction" in SKILL.md explicitly instructs the agent to scrape the client website (a user-provided public URL) to extract colours, fonts, logos and theme—which are then used to populate CSS and to influence the FLUX image prompt and layout decisions—thereby exposing the agent to arbitrary third‑party web content that can materially influence its prompts and behaviour.