generate-ui-from-brand

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests content from arbitrary URLs as part of its required Step 1 — Extract (e.g., get_design_tokens(url) or running npx dembrandt <url>), and then reads and uses the extracted live design tokens to drive normalization and UI/UX decisions, which could be influenced by untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running "npx dembrandt --design-md --pages 3", which uses npx to fetch and execute the remote "dembrandt" npm package at runtime (executing remote code), so this is a runtime external dependency that can control execution.