design-to-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and extract HTML from arbitrary URLs ("For URL: WebFetch the page, extract HTML structure" in Stage 1) and to search the public 21st.dev registry in Stage 2, so untrusted third-party web and registry content is ingested and used to drive component-matching and generation decisions.