design-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly requires inspecting a provided URL/localhost address or live page ("Use the provided URL, localhost address, screenshot, or repository app" and "Prefer direct inspection of the running page whenever possible"), which means the agent will fetch and read arbitrary public/untrusted web content as part of its evaluation and decision-making.