design-md-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's URL mode and scripts/extract_css.py explicitly fetch arbitrary public websites and their linked CSS (see SKILL.md "URL → DESIGN.md" and scripts/extract_css.py fetch/collect_css), then pass the extracted JSON to the downstream agent (Claude) to fill the DESIGN.md, so untrusted third‑party content is ingested and can directly influence agent outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime script scripts/extract_css.py fetches arbitrary user-supplied site URLs (e.g., https://neverjp.com/ from the examples) and any linked CSS resources, parses them, and the resulting JSON is used to populate the DESIGN.md prompts given to downstream agents—so remote content directly controls agent prompts.