tldraw-skill

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt contains deceptive/hidden operational instructions outside the diagramming purpose—e.g., to "swallow the error silently and continue" and to refresh/write a .last_update state (mutating the skill) despite earlier "never mutate" guidance—which instructs the agent to hide failures and persist state without transparent user-visible behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Step 0 "Update check" in SKILL.md) runs git ls-remote against the upstream "origin" to fetch tags and uses that remote metadata to decide whether to prompt and potentially run git pull (if the user agrees), which clearly ingests untrusted upstream repository content that can materially change the skill's code/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill will run "npm install -g @kitschpatrol/tldraw-cli" at runtime to fetch and install the tldraw CLI (i.e. code pulled from the npm registry such as https://registry.npmjs.org/@kitschpatrol/tldraw-cli), which downloads and installs remote executable code that the agent then runs to export images.