design2spec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts URLs as design input (Core workflow step 1: "accept images, screenshots, URLs, mockups...") and requires the agent to read and interpret those inputs to produce implementation decisions, so arbitrary public/web URLs or user-generated content could materially influence tool behavior and enable indirect prompt injection.