cc-design-html-prototyping

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Progressive Brand Loading and troubleshooting instructions explicitly instruct loading brand design systems from an external public URL (https://getdesign.md/brands/{brand-name}.md and "Load the Stripe design system from getdesign.md"), so the agent will fetch and interpret third‑party web content that can materially influence design decisions and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly defines a runtime "Progressive Brand Loading" source (https://getdesign.md/brands/{brand-name}.md) and references loading brand design systems from getdesign.md at runtime, which would fetch remote content that directly controls the agent's design prompts/instructions and is presented as a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill includes explicit privileged commands (e.g., "sudo apt install ffmpeg", "sudo npx playwright install chromium") and troubleshooting steps that instruct running sudo/install commands and manipulating files, which would modify the host system state and require elevated privileges.