designlang-design-extract

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and encourages embedding cookies, Authorization headers, and API tokens directly into CLI commands (e.g., --cookie "session=abc123", --header "Authorization:Bearer $TOKEN"), which requires the LLM to include secret values verbatim and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly crawls arbitrary public websites with a headless browser and ingests their live DOM/styles (see "designlang crawls any website with a headless browser (Playwright)" and the npx designlang examples in SKILL.md), and those extracted outputs are used to generate markdown/tokens and drive downstream actions, so untrusted third‑party content can materially influence the agent.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly crawls arbitrary external sites at runtime (e.g., https://your-production-site.com — examples include https://stripe.com) to generate AI‑optimized markdown that is intended to be injected into LLM prompts/agent rules, so the fetched remote content can directly control agent instructions and is a required runtime dependency.