brand-yml

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs fetching and scraping arbitrary public websites and using web search (see SKILL.md "Website URL -- Use web_fetch to retrieve the page" and README examples that accept a website URL or public brand guidelines), so it consumes untrusted third‑party content which is then interpreted to determine colors, fonts, and other actions that materially influence output and behavior.