claude-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires WebSearch and the Core Asset Protocol (see SKILL.md "Priority #0 — Verify facts before assuming" and references/brand-context.md) which instruct the agent to search, fetch and download assets from public third‑party sources (brand websites, App Store/Google Play screenshots, YouTube launch videos, social media posts, Wikimedia, arbitrary official pages) and to read those results into product-facts.md/brand-spec.md — untrusted web content that the agent is expected to interpret and that can materially change subsequent actions.