design-consultation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 Research and "Find the browse binary" sections explicitly direct the agent to use WebSearch and a browse binary (e.g., $B goto, screenshot, snapshot) to visit and analyze arbitrary public websites, so it will fetch and interpret untrusted third-party web content as part of its workflow.