design-to-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web pages ("For URL: WebFetch the page, extract HTML structure" in Stage 1) and queries the public 21st.dev registry in Stage 2, and that untrusted third-party content is read and used to drive component matching/generation, so external content can materially influence agent actions.