extract-design-system
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates and ingests arbitrary public URLs and stylesheets (see SKILL.md usage "node scripts/extract.mjs " and scripts/extract.mjs calls like page.goto(url), page.evaluate(...) and the web_fetch step), so untrusted third‑party page content is read and directly shapes extracted tokens and subsequent actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).