design-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to use web-search and scraping tools (e.g., SerperDevTool, ScrapeWebsiteTool in SKILL.md Agent.kickoff examples) and includes custom tool examples that fetch arbitrary URLs (references/custom-tools.md fetch_webpage and WebFetcherTool), so agents will ingest untrusted public web content which can influence their planning and actions.