make-deck

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted public content (e.g., GitHub and Figma URLs and attached .md/.pdf files) as part of its Phase 0 auto-detect workflow—see "Scan user message/attachments for: GitHub URL → invoke Skill: ingest-github; Figma URL → invoke Skill: ingest-figma"—and that content is used to decide visual systems and build slides, so external content can materially influence agent actions.