refero-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill connects the agent to Refero MCP (e.g., refero_search_screens_tool / refero_get_screen_tool / refero_get_flow_tool against https://api.refero.design/v1/mcp) and explicitly instructs the agent to fetch and analyze public third‑party screens and flows (product screenshots and metadata from refero.design and many external products), which the agent will read and interpret as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting to Refero MCP (https://api.refero.design/v1/mcp), which the agent calls at runtime (e.g., get_screen, get_flow, get_design_guidance) to fetch external content that directly shapes prompts and agent instructions, making it a required runtime dependency that controls behavior.