web-design-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly asks for a target URL (Step 1.1) and its workflow (Step 2: Page Traversal and Required Capabilities) uses browser automation to navigate to user-provided/staging/production websites and retrieve screenshots and DOM content, meaning it fetches and interprets arbitrary public/untrusted web pages which can directly influence fixes and subsequent actions.