oma-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill explicitly fetches and loads external vendor templates and public reference URLs into the agent's context (see resources/getdesign-fetcher.md and Execution Protocol Phase 2 EXTRACT Branches B and C, plus parsing of the .design-context.md "Reference Sites"), and those untrusted third-party files are then used to drive proposals and generate DESIGN.md, creating a clear path for indirect prompt injection despite stated mitigations.