design-playground

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads arbitrary user-provided URLs/tweets/CodePens (see "If user provides a URL reference: 1. Fetch and read the source (use WebFetch or firecrawl)" and the "When user provides a URL, tweet, or CodePen" sections in SKILL.md), then extracts techniques and uses that content to drive playground construction, so untrusted third‑party content is ingested and can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary user‑provided reference URLs at runtime (e.g., a CodePen or raw GitHub/URL such as https://codepen.io or a raw GitHub URL) and uses the fetched HTML/CSS/JS to extract the technique that directly drives the agent's generated playground code, so external content can control the agent's instructions.