design-system-governor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill’s runtime workflow reads 03_visual_spec/*.md (e.g., visual-analysis.md, layout-spec.md, component-tree.md, DESIGN.md, implementation-risks.md, human-review-needed.md), which are outsider-authored free-form markdown content if the operating user did not author them; those markdown files are ingested as readable text into the agent’s LLM context.