design-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and download user/project assets (e.g., htmlCode.downloadUrl and screenshot.downloadUrl returned by [prefix]:get_screen) using web_fetch/read_url_content and to parse that HTML/screenshots as part of analysis, which exposes it to untrusted, user-generated third-party content.