chromatic-turbosnap-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly asks for hosted .chromatic/preview-stats.json URLs or for users to paste local/hosted stats and trace outputs (see reference/command-catalog.md, reference/evidence-ladder.md, and reference/workflow-playbook.md), so the agent ingests untrusted user-provided/public metadata that directly influences diagnosis and next-action recommendations.