impeccable

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's references explicitly instruct the agent to fetch public, user-generated imagery from Unsplash (reference/brand.md: "Unsplash is the default" with image URL patterns) and to open/inject scripts into arbitrary pages during the critique flow (reference/critique.md: "navigate to the page" / inject detector into the page), which clearly requires ingesting untrusted third‑party web content that can influence design decisions and subsequent tool actions.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 09:46 PM
Issues: 1