deck

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 3 "Brand Discovery" explicitly fetches and parses arbitrary user-provided public websites (via "browser-use open " and "WebFetch the homepage URL") to extract CSS, fonts, and logo URLs, meaning the agent will ingest and act on untrusted third‑party page content to generate styling and behavior.