design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read user-provided repository URLs and arbitrary reference URLs (see "When the user provides a repository URL or pastes source code..." and "When only a URL is provided: fetching it returns extracted text only") and even to optionally run npx getdesign@latest add <brand> to pull external DESIGN.md files — untrusted third-party content is therefore ingested and used to drive decisions and actions.