refero-styles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI explicitly fetches and scrapes DESIGN.md from the public site (see fetch_design_md in refero.py which GETs /style/ and SKILL.md/README notes that "DESIGN.md" is "written to be read by an LLM" and should be used for agent prompting), so untrusted third-party content is ingested and used to drive agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime code calls https://styles.refero.design (e.g., /style/ and /api/styles/) to fetch DESIGN.md and token JSON which are explicitly intended to be ingested as agent-facing prompts/context, so external content from https://styles.refero.design directly controls what the agent sees at runtime.