fe-codegen-workbench

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). 在步骤 2.5/3.5 的“远程优先”链路中，运行时会从 getdesign.md 抓取 index.json 与各品牌的 DESIGN.md（外部网页/第三方内容），并将其解析后的文本/字段注入到后续 LLM 上下文用于主题 token 生成与审查。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill clearly performs runtime fetches from https://getdesign.md/ (used to load index.json and per‑brand DESIGN.md which directly control the 3+1 recommendation prompts and the generated theme tokens) and also runs a remote CLI via pnpm dlx create-admin-platform@latest (fetches & executes code from the npm registry to scaffold new admin projects), so external content is fetched at runtime and directly controls prompts or executes code.