extract-saas-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to operate on live SaaS dashboard URLs and to "use run-agent-browser to capture DOM, computed styles, screenshots, and state coverage" (SKILL.md Workflow step 3), so it fetches and ingests arbitrary third‑party web content as primary evidence—exposing the agent to untrusted user-controlled pages that can influence extraction and subsequent actions.