rico-ui-ux-themes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and extract designs from arbitrary public websites (e.g., "rico create theme: stripe.com" and the Theme Generation workflow using the webReader tool) and then uses that scraped content to generate and potentially apply themes to the project, meaning untrusted third‑party pages can directly influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly uses a webReader to fetch external pages at runtime (e.g., "Fetch stripe.com design features" / https://stripe.com) to extract design information that is injected into the theme-generation flow, so remote page content can directly control the agent's outputs.