get-brand-assets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly calls the Brand.dev API (via the gooseworks proxy) to retrieve brand data from arbitrary company websites (see the Usage examples with the "domain" parameter), so the agent ingests public third‑party site content (logos, colors, styleguides) that can influence subsequent decisions and actions.