html-style

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md step 1: "Read the user's HTML") requires the agent to ingest and interpret untrusted user-provided HTML and then apply classes, inject CSS/JS, and transform structure—actions that let content from third parties materially influence styling and subsequent tool-driven changes.