design-iterator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to open arbitrary URLs with "agent-browser open [url]" and to navigate to and screenshot competitor websites ("Navigate to 2-3 competitor websites" under Competitor Research), which requires fetching and analyzing public third‑party web content that could include untrusted user-generated material.