awesome-claude-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This SKILL.md explicitly instructs fetching public DESIGN.md files from third-party pages (e.g., https://getdesign.md//DESIGN.md and the curl examples) and uploading them to Claude Design, which will parse and act on that untrusted, externally hosted content—allowing arbitrary content in those files to influence the agent's outputs and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching external DESIGN.md files at runtime (e.g., curl -O https://getdesign.md/vercel/DESIGN.md and git clone https://github.com/VoltAgent/awesome-claude-design.git), and those fetched markdown files are then parsed/used by Claude Design to directly control generation/prompts, so they are runtime external dependencies that control agent behavior.