openpencil-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly includes fetching and ingesting arbitrary external media via image src/image fill URLs and search-generated images (e.g., the "image" src examples, "imageSearchQuery"/AI image placeholders, and the DSL G(parent, "search", "query")), which are untrusted third-party sources and would be read/used by the agent during design/refine operations and thus could indirectly inject instructions or alter behavior.