frontend-dev-plain-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow explicitly instructs using grok-search/ref-skill to find and download images from public sites (Unsplash, Pexels, Pixabay, Google Custom Search JSON API) and to consult GitHub examples, meaning the agent fetches and interprets untrusted, user-generated third‑party content as part of its required workflow (see steps 3–5 and the Image handling loop).