project-intake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Workflow and Input Types explicitly require the agent to "scan whatever the user has provided" and accept PRD drafts, prototype/Figma links, screenshots, competitive analysis, and repository links, so the agent will ingest untrusted third‑party/user‑generated content (e.g., public Figma or repo links) that can materially influence its decisions.