award-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly supports a -u <url> flow and (see SKILL.md step 1 and references/brand-extraction.md) instructs the agent to read and reverse‑engineer live public websites (arbitrary URLs) as part of its workflow, meaning untrusted third‑party page content is ingested and used to seed archetype recommendations and DESIGN.md outputs, which can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's brand-extraction flow explicitly fetches and "reads" a user-supplied live site URL passed as -u (e.g., https://) at runtime and uses that site's content to seed archetype recommendations and produce the DESIGN.md, so external content fetched from that URL directly controls the agent's prompts/output.