design-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill navigates to and scrapes arbitrary user-supplied websites (page.goto(self.url) in DesignExtractor.extract_all) and fetches linked stylesheets (page.request.get(href) in _extract_css), then extracts and reads the page HTML/CSS/computed styles into design_data.md/json that the agent consumes—therefore it ingests untrusted, third‑party web content.