refero-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly requires using Refero MCP tools (search_screens, search_flows, get_screen, get_flow / Refero API https://api.refero.design/mcp) to fetch and deeply analyze real product screens and flows from public third-party sources, and those results are required inputs that the agent must read and use to drive research, decisions, and follow-up actions, creating a clear vector for indirect prompt injection from untrusted web-content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs agents to connect at runtime to Refero's MCP endpoint (https://api.refero.design/mcp) to fetch screens, flows, and AI-generated design guidance that are injected into the agent's context and directly influence prompts/decisions, so this external URL is a runtime dependency that controls agent instructions.