visual-brand-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 "Fetch Target Pages" and Inputs require using WebFetch to read arbitrary public website URLs (homepage/product/blog) provided by the user, and the agent directly ingests and interprets that untrusted page content to determine colors, fonts, and other actions—creating a clear avenue for indirect prompt injection.