design-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to load and review deployed/live web pages using browser tools (see "Browser Tool Detection", "URL Resolution", and "Take screenshots" / output sections), so the agent will fetch and interpret arbitrary public URLs and their content, which could include untrusted/user-controlled instructions that influence its decisions.