vue-creater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 (Sync Design Data) explicitly supports a "Custom Design DSL" URL or a TOKEN_URL_LIGHT .env URL which the agent fetches via the get_dsl tool, and Step 3 then runs get_token to read and inject that DSL into the project's Tailwind configuration—so untrusted third-party content is fetched and directly influences subsequent tool actions and configuration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The initializer scripts write an .npmrc pointing to https://registry.npmmirror.com/ and then run package installs (bun install / npx), so at runtime this external registry is used to fetch and execute remote packages (remote code execution risk).