design-swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary http/https URL targets and instructs (in SKILL.md under "Detect Target Type" and "Orchestration Flow" — e.g., "Use browser tools to snapshot the page" and "URL: all 10 (snapshot first, then inspect code if accessible)"), which the agents read as part of their prompts/target context, so untrusted third‑party webpages can be ingested and influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly snapshots user-supplied web targets (http:// or https://) at runtime and injects that page snapshot into the constructed agent prompts (i.e., external http(s) page content can directly control prompts), so user-provided URLs are a runtime external dependency.