presto-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts a user-provided brand URL or image and instructs the agent to "Extract: dominant colors, typography, spacing…" (context/design-spec.md Path B) and SKILL.md §1 routes to that workflow when no DESIGN.md exists, which means the agent will fetch/interpret external public site assets that can directly drive DESIGN.md (the authoritative spec) and thus materially influence subsequent actions — creating a clear avenue for indirect prompt injection.