don-norman-principles-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly requires analyzing "screenshots_or_links: URLs of screenshots, wireframes, or live site/app" (see Inputs Required and Step 1: "Analyze interface_description, screenshots_or_links, and user_tasks"), meaning the agent is expected to fetch and interpret arbitrary public/live site content which could contain untrusted, user-generated instructions that materially influence its audit decisions.