awesome-design-skills-registry
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill instructs agents to pull and read public SKILL.md files from the open registry (e.g., via "npx typeui.sh pull " and the programmatic fetch example to https://typeui.sh/api/skills/) and explicitly says "Claude Code reads SKILL.md" and to reference "@design-skills/.../SKILL.md", so untrusted, public skill content can be ingested and directly influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill pulls SKILL.md files at runtime from the TypeUI registry (e.g. https://typeui.sh/api/skills/{slug} or https://typeui.sh/design-skills) via npx/typeui.sh, and those fetched SKILL.md files contain AI-agent instructions that directly control prompts, so this is a runtime external dependency that can control the agent.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt includes troubleshooting instructions that recommend running commands with sudo and changing file ownership (e.g., "sudo npx typeui.sh pull..." and "sudo chown -R $USER:$USER ."), which encourages use of elevated privileges though it doesn't explicitly modify system services or create accounts.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.