oma-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 EXTRACT explicitly fetches external vendor templates from the public getdesign catalog (via bunx getdesign@latest per resources/getdesign-fetcher.md) and can also fetch and analyze arbitrary reference URLs (execution-protocol.md Branch C), then loads that external content into the agent's context and uses it to seed proposals and generate the final DESIGN.md, so untrusted third‑party content can materially influence the agent's decisions.