ux-design-gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests arbitrary user-provided images for analysis (e.g., the files/files-mode: embed usage and examples like "files: ./our-app.png, ./competitor-a.png" and multimodal templates for competitor/website screenshots), which can be untrusted third‑party or public content that the agent will read and interpret.