don-norman-principles-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to analyze externally-provided "screenshots_or_links" (URLs of screenshots, wireframes, or live site/app) and optional "existing_feedback" (user comments/pain points), which are arbitrary public or user-generated sources the agent must read and interpret, exposing it to untrusted third-party content.