cc-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public brand design documents and web content (e.g., "Fetches Stripe's DESIGN.md from getdesign.md" in EXAMPLES.md and the SKILL.md hard-flow "WebSearch → product-facts.md" plus routing entries referencing references/getdesign-loader.md), so it will read and apply untrusted, community/public website content that can materially influence design decisions and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly fetches brand design files at runtime (e.g., "Fetches Stripe's DESIGN.md from getdesign.md") and injects that content to control design decisions and generation, so https://getdesign.md is a runtime external dependency that directly controls the agent's instructions.