oma-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Execution Protocol (resources/execution-protocol.md — Phase 2: EXTRACT) and the DESIGN.md extraction pipeline explicitly require fetching and analyzing external HTML/CSS (reference URLs or Stitch MCP projects), meaning the agent will ingest untrusted/public third‑party content (arbitrary URLs or user projects) and use that content to drive design extraction and subsequent actions.