native-app-designer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "Search 21st.dev for modern patterns" and to use community MCPs (21st Century Dev, Firecrawl, Shadertoy, etc.) to fetch and analyze public/community content, meaning the agent will ingest untrusted, user-generated third‑party material as part of its workflow and adapt scaffolded outputs based on that content.