lean-ux-canvas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Step 0: Gather Context" explicitly asks users to paste PRDs, stakeholder memos, user research, competitor analysis or other documents (i.e., arbitrary user-provided or public web content) which the agent will read and use in its workflow, thereby ingesting untrusted third‑party content that could contain indirect prompt injections.