Webdesign

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The Webdesign skill's WebsiteToRedesign workflow explicitly fetches and ingests arbitrary live pages (it runs curl to save the provided URL to original.html and opens the page via the Interceptor for screenshots) and then feeds that HTML/screenshot into Claude Design as input for briefs and regeneration, so untrusted third‑party page content can be read and influence subsequent tool actions and prompts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill programmatically opens and drives the external web app at https://claude.ai/design during runtime (via Tools/DriveClaudeDesign.ts and the Interceptor), downloads handoff bundles (PROMPT.md) from that site which are then consumed as prompts/instructions for downstream code generation (frontend-design / Claude Code), and the skill requires Claude Design to function — so https://claude.ai/design is a runtime external dependency that directly controls agent prompts.