design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's design-critique reference explicitly instructs the agent to accept a "Live URL" and "use the available web browsing/search tool to retrieve page context" (references/design-critique.md — Input Modes, Tertiary), which requires fetching and interpreting arbitrary public webpages provided by users and thus exposes the agent to untrusted third‑party content that can influence its critique and subsequent actions.