frontend-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Critique workflow explicitly asks for a "Live URL" and states "if a tool can fetch and screenshot, do it", so the agent will fetch and read arbitrary public web pages (untrusted third‑party content) as part of its decision-making, enabling indirect prompt injection risks.