design-dna-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Phase 2 "Analyze" steps and example workflow explicitly instruct the agent to inspect and extract design data from arbitrary live URLs and screenshots (e.g., "Extract design tokens from https://example.com" and "I want to extract design DNA from https://linear.app and this screenshot"), meaning the agent reads untrusted third‑party web content and uses it to drive generation and follow-on actions, which could enable indirect prompt injection.