design-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and parse user-provided HTML and images from project screen fields (e.g., htmlCode.downloadUrl and screenshot.downloadUrl via web_fetch/read_url_content) so the agent will read/interpret untrusted, user-generated content from project-hosted URLs.