running-design-reviews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires design artifact links (e.g., “Design artifact(s): link(s) or screenshots (e.g., Figma/prototype)” in SKILL.md Inputs and the Templates' "Artifacts / links" section) and the workflow directs the agent to read and synthesize those artifacts into decisions and action items, so it clearly ingests untrusted, user-provided third‑party content that can materially influence its actions.