icon-craft

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Generation Mode Step 3 in SKILL.md explicitly instructs the agent to perform WebSearch and WebFetch against public sites (e.g., lucide.dev, phosphoricons.com, heroicons, tabler, and unpkg.com) and to retrieve and evaluate SVG data from those third‑party web sources, so the agent will read and act on untrusted public content that can influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime PNG export step can invoke npx to fetch and execute an external CLI (e.g., "npx @resvg/resvg-js-cli" which would pull code from the npm registry such as https://registry.npmjs.org/@resvg/resvg-js-cli), providing clear high-confidence evidence that remote code may be fetched and executed at runtime.