component-creater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow's Step 1 requires calling get_dsl on the provided design_file_url (e.g., a Figma link or hosted design asset) and parsing the returned DSL JSON, which is then used throughout Steps 2–5 (registry searches, installs, and code generation), so arbitrary untrusted third-party content can directly influence tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls get_dsl on the user-supplied design_file_url (e.g., a Figma or hosted design asset URL) at runtime and parses the returned DSL JSON to drive all subsequent mapping and code-generation steps, so the external URL's fetched content directly controls the agent's behavior and is a required dependency.