brief

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to extract content from external websites ("Use my brand — Extract from website or provide colors" via browser-use or WebFetch) and to read uploaded docs/URLs via list_resources / search_resources, and that ingested third‑party content is used to shape the brief (styles, playbook selection, talking points), so untrusted web/URL content can materially influence actions.