diagram-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's onboarding flow explicitly fetches and renders arbitrary user-provided websites (references/onboarding.md and the SKILL.md first-run gate) to extract colors and fonts and then applies those tokens to diagram generation, so it ingests untrusted public webpage content that can materially change subsequent behavior (style tokens, focal accents, and gating decisions).