lanhu-mcp-collaboration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows (e.g., analyze_requirements_document, view_design_document, export_design_slices) explicitly fetch and parse public Lanhu URLs (https://lanhuapp.com/... shown in the SKILL.md "Requirements Analysis" and "UI Design Analysis" sections) — user-generated design/prototype content that the agent reads and uses to drive analysis, code generation, and follow-up actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.85). The skill explicitly instructs cloning and running remote code from https://github.com/dsphper/lanhu-mcp (git clone + setup/install scripts) and also fetches live Lanhu documents at https://lanhuapp.com/web/#/... during runtime which are injected into the AI context to drive analyses, so external content is fetched at runtime and can execute code or directly affect agent prompts.