design-system-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's UI Audit mode explicitly accepts a "live URL" as an input (SKILL.md — "Mode 2: /ui-audit — Trigger: User shares existing UI ... or live URL"), which implies the agent will fetch and read arbitrary public webpages or user-provided sites as part of the audit and let that content drive remediation recommendations, creating a clear avenue for untrusted third‑party content to influence decisions and actions.