axi-front-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). Flagged because the SKILL.md workflow explicitly tells the agent to fall back to public UI kits/design systems ("没有就用一个公开的 UI Kit / 设计系统作为锚点（用户同意后）") and to "扫描来源文章/文档里的所有图片 URL" and also includes external CDN script URLs (unpkg.com), which require fetching open/public third‑party content that the agent is expected to read/interpret and that can materially influence its design decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires including remote scripts from unpkg.com (e.g. https://unpkg.com/react@18.3.1/umd/react.development.js, https://unpkg.com/react-dom@18.3.1/umd/react-dom.development.js, https://unpkg.com/@babel/standalone@7.29.0/babel.min.js), which are fetched at runtime by produced HTML and execute remote code that the skill relies on for React/Babel prototypes.