brand-kit-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requests website URLs and describes ingesting website content into the Knowledge Vault as part of the "Create from website" flow and Expected Inputs (SKILL.md) and the Knowledge Vault API reference, so the agent will fetch and interpret untrusted public web content that can materially influence generation and actions.