design-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references/sources.md explicitly instruct the agent to WebSearch and fetch arbitrary public pages (e.g., CodePen, UIVerse, dev.to, Dribbble, raw GitHub SVG URLs) and the included scripts/fetch-page.py uses Playwright to retrieve and extract code from those third‑party sites, so untrusted user-generated content is read and used as part of the agent's workflow.