premium-web-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires the agent to web_search/web_fetch public sites (Awwwards, Dribbble, Twitter/X, production-site HTML) and to source/embed community Spline scenes (my.spline.design / prod.spline.design), so the agent ingests and interprets arbitrary third‑party, user-generated web content as part of its required workflow, which can materially change subsequent design/tool actions (see "Step 1: Research the Industry" and "Step 2: Source Topic-Relevant 3D from Spline").

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's React runtime explicitly injects and executes a remote script (s.src = "https://unpkg.com/@splinetool/viewer@1.9.28/build/spline-viewer.js") and embeds remote Spline scene binaries (e.g. "https://prod.spline.design/[id]/scene.splinecode" or "https://my.spline.design/[slug]/") which are required for the skill's 3D rendering, so these URLs fetch and execute remote code at runtime.