slidev-styles
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's Brand Discovery workflow (SKILL.md and references/discovery-pipeline.md) explicitly directs the agent to navigate to arbitrary public brand websites using Playwright (browser_navigate, browser_evaluate) and extract CSS, fonts, colors, and logo URLs. These values are then parsed into brand-config.json and directly drive the theme-generation and validation steps, so untrusted third-party page content is ingested and can materially influence subsequent actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata