codeck-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly accepts visual references (URLs, screenshots, design specs) and in "Reference extraction" instructs the agent to "extract design signals" and even "when the user mentions a brand by name without a URL, browse their site yourself," so it will fetch and interpret arbitrary public web pages/URLs as part of its workflow, which can materially influence design decisions.