storefront-branding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scrapes arbitrary customer URLs via the bundled webcrawler (e.g., start-brand-review.sh / preview-brand.sh calling scripts/webcrawler) and the agent is instructed to read and act on the resulting artifacts (.webcrawler//page.json and analysis.json / preview.html) to drive preview, overrides, and apply actions, so untrusted third-party page content can materially influence tool use and next steps.