local-axure-workflow

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly allows using the MCP tool to fetch online resources when sitemap.json contains a projectUrl (see "If missing locally and sitemap.json contains a projectUrl, MCP can be used to fetch online screenshots" and "When sitemap.json contains a projectUrl, this project's MCP tool can be used to fetch online resources"), meaning it can retrieve arbitrary public URLs whose untrusted content (screenshots/pages) would be read and used to influence page-restoration and generation decisions.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 04:47 AM