review-demos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (STEP 2) uses WebFetch to open and read company websites from company.domainName.primaryLinkUrl and calls the OpenBrand API to extract colors from public company pages—both are untrusted, public third-party content that the agent must interpret to decide checks and trigger auto-fixes, allowing malicious page content to influence actions.