using-document-designer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to "search Universe first" and to scaffold templates with commands like typst init @preview/<template-name> referencing the public Typst package registry (https://typst.app/universe), which causes the agent to fetch and load third-party/user-contributed templates that can influence its subsequent tooling and decisions.