design-md

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs the agent to fetch and parse user-provided project assets (see "Asset download": use web_fetch or read_url_content on htmlCode.downloadUrl and screenshot.downloadUrl, and earlier steps calling [prefix]:list_projects/list_screens/get_screen), so untrusted third-party HTML/assets are ingested and used to drive analysis and decisions.