design-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and browser-tools-reference explicitly instruct the agent to navigate to and inspect a "live preview environment" (e.g., mcp__playwright__browser_navigate(url: ...), Chrome DevTools scripts) so the agent will fetch and interpret arbitrary preview URLs/web pages as part of its review workflow, exposing it to untrusted third‑party content that could influence its actions.