design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read external repositories and URLs (see "When the user provides a repository URL or pastes source code..." and "When only a URL is provided: fetching it returns extracted text only" in SKILL.md) and to optionally pull brand presets from a public catalog (npx getdesign), so untrusted, user-provided web content is ingested and used to drive design decisions and code changes.