draft-headless-pages

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly retrieves and consumes public, user-generated page comments via commands like draft public-comments list --url '<published_or_preview_url>' and draft public-comments get <comment_id> and directs the agent to use those public comments as the default review signal that drives edits and republishes, so untrusted third-party content can influence actions.