cc-design-html-prototyping
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly describes automatic loading/fetching of brand design systems from the public site https://getdesign.md (see "Explore" step and "Brand Style Cloning" section) and uses those externally fetched tokens to drive design decisions, so untrusted third‑party content is read and influences the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill loads and depends at runtime on remote CDN JavaScript that is fetched and executed in the prototype (e.g., https://unpkg.com/react@18.2.0/umd/react.development.js, https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js, https://unpkg.com/@babel/standalone@7.23.5/babel.min.js, and https://cdn.tailwindcss.com), which means external code is executed during Playwright/browser verification and is a required runtime dependency.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).