design-mirror

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes and screenshots arbitrary public websites via Bright Data (see scripts/scrape_html.sh and scripts/screenshot.sh) and instructs the agent in SKILL.md and references/* to read and analyze the fetched HTML/CSS and images to extract design tokens that drive subsequent code changes, meaning untrusted third‑party content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime scripts call Bright Data's API at https://api.brightdata.com/request to fetch arbitrary target HTML/screenshots which are then ingested by the agent and can directly influence model outputs, so this external endpoint is a required runtime dependency that can control the agent's prompts/behavior.