brand-yml

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's "Gather Brand Information" workflow explicitly instructs the agent to use web_fetch to retrieve website pages and linked CSS, and the "Research and Resolve" steps require web search (e.g., checking Google Fonts and official brand guides), so the agent will ingest arbitrary public web pages and site content that can materially influence its actions and generated _brand.yml.