design-taste

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly asks the user to "Show me 2-3 designs you admire" (Step 1b) and to point to design system files/URLs to "read it first" (Step 1a) and then requires the agent to analyze those references (Step 2) — i.e., it ingests arbitrary user-provided/public web content (names/URLs) and uses that content to drive design decisions, creating a clear avenue for indirect prompt injection.