design-screenshot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and analyzes an arbitrary user-provided screenshot via the $ARGUMENTS input (user-generated/untrusted third-party content) and explicitly requires the agent to read and interpret its contents, enabling indirect prompt injection.