design-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Decision Tree and REVIEW Mode explicitly require navigating and snapshotting "Live URL" inputs ("Live URL → navigate, snapshot, score" and "Live URL: Navigate, take snapshot, analyze"), so the agent will fetch and interpret arbitrary public web pages (untrusted third-party content) and use that content to drive scoring and recommendations, creating a clear avenue for indirect prompt injection.