design-auditor

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt is largely consistent with its stated design-audit purpose, but it contains a deceptive instruction to "Skip silently. Do not mention it in the report" (for failed Code Connect calls), which instructs the agent to hide capability/failure information from the user and is outside the skill's advertised transparent auditing behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third‑party content (e.g., "Fetch the URL using web_fetch" for live website URLs and convert GitHub links to raw.githubusercontent.com in the "URL Input Spec", plus CodeSandbox/CodePen/Storybook fetches) and then reads and interprets that content as code/design input to drive framework detection, audits, and even automated edits (perform_editing_operations), so untrusted web content can materially influence agent decisions and actions.