palette

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required Step 2 explicitly performs a WebFetch from the public tints.dev API (WebFetch: https://www.tints.dev/api/{colorName}/{hexWithoutHash}) and parses that external response to generate palettes.json and color-system.md, so untrusted third-party content is fetched and directly interpreted to drive outputs and downstream agent behavior.