design-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads third‑party DESIGN.md files (Read: ~/.claude/skills/design-systems/reference/{directory}/DESIGN.md) which are sourced/synced from the public GitHub repo VoltAgent/awesome-design-md and public websites (via assets/scripts/sync_upstream.py), and the required workflow (Step 4/Step 5) tells the agent to use the files' "Agent Prompt Guide" and example prompts as templates — meaning untrusted, user-generated web content is ingested and can directly change the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime sync step that clones/pulls the upstream repository https://github.com/VoltAgent/awesome-design-md (via assets/scripts/sync_upstream.py), and those fetched DESIGN.md files contain "Agent Prompt Guide"/example prompts which the agent is instructed to read and directly use at runtime, so the external URL can directly control agent prompts.