power-design-slides

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes arbitrary public websites via Firecrawl (see "Extract Brand from URL" and the brand_extractor.py example in SKILL.md) and then uses that untrusted "brand DNA" (colors, typography, voice, raw_markdown) as input that directly influences slide generation and behavior, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly scrapes arbitrary websites at runtime via Firecrawl (e.g., https://stripe.com or https://example.com) and returns raw_markdown/brand DNA that is injected into the generation prompt, so external URL content can directly control the agent's instructions.