brand-intel-branddev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to crawl/scrape arbitrary public domains (e.g., "Extract design system and styleguide from website", "Query website data using AI", "Take screenshot of a website"), so the skill ingests untrusted public web content that can influence tool use and subsequent decisions.