open-codesign-ai-design
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly sends prompts to external model providers (Settings → Providers / API Key Provider / customModels with a baseURL such as OpenAI, Anthropic, Gemini or an arbitrary relay), and the SKILL.md "Generate a Design" workflow shows the agent panel using model responses to drive live progress, todos and tool calls, so untrusted third-party LLM output can be ingested and materially influence the actions taken.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt includes explicit instructions that bypass macOS Gatekeeper (xattr -cr on /Applications) and run remote install scripts (curl ... | sh); both actions modify system state and can circumvent security protections.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata