ui-design-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md requires "screenshots_or_urls" as a required input and instructs the agent to analyze and act on those visual references (Step 1–6 and Dimension evaluations), meaning the agent will ingest and interpret arbitrary external webpages/screenshots provided as URLs and those untrusted third‑party contents could influence its decisions.