codeck-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to accept and extract signals from user-provided visual references (URLs, screenshots, design specs) and even to "browse their site yourself" when a brand is named, meaning the agent will fetch and interpret arbitrary public web content which can directly determine design decisions and generated outputs.