direct

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires and reads extracted artifacts produced from crawling arbitrary public sites (e.g., stardust/current/_brand-extraction.json, stardust/current/brand-review.html, stardust/current/pages/*.json and captured image URLs produced by the required $stardust extract step) and uses their contents to drive mode-detection, palette/type inheritance, improvements lists and other actions—so untrusted third‑party site content is ingested and can materially influence behavior.