impeccable-design-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md Step Three instructs the agent to run "npx skills add pbakaus/impeccable", which fetches and installs a public npm package (third‑party code/content) that the agent will load and invoke as part of its workflow, allowing untrusted external content to influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill will execute "npx skills add pbakaus/impeccable" at runtime to fetch and run the remote package (pbakaus/impeccable), which executes remote code and installs skills that directly affect agent behavior, so it is a required runtime external dependency that can control prompts/logic.