frontend-slides

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill can fetch and parse arbitrary client websites when the user selects "Use client branding" (Step 2.0: it asks for the client's website URL and runs the visual-brand-extractor to create/read clients//brand/visual-identity.md), and the agent then ingests that public site content to set CSS, fonts, and signature elements—allowing untrusted third‑party content to materially influence styling and generation behavior.