optimize-shopify-alt-text

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and opens external Shopify-hosted images (see scripts/shopify-alt-text-admin.mjs: downloadImage, downloadTargetImages, visionSample and the SKILL.md "target --download" / "vision-sample" workflows) and requires the agent to read pixel-derived visual evidence from those third-party image URLs to generate alt text and drive apply actions, so untrusted third-party content can materially influence decisions.