design-iterator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to open arbitrary competitor websites (e.g., "agent-browser --headed open [url]" and the "Competitor Research" steps: "Navigate to 2-3 competitor websites" and "Take screenshots...Extract specific techniques they use"), which means it fetches and interprets public third‑party web content that can influence subsequent design actions.