css-first

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required "Live MDN Fetch Workflow" (references/live-mdn-fetch.md) instructs the agent to fetch public third‑party data (e.g., https://unpkg.com/web-features/data.json, https://unpkg.com/@mdn/browser-compat-data/data.json) and to open/extract content from MDN pages (developer.mozilla.org) and use those live pages to drive decisions and responses, which exposes the agent to untrusted web content that can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's live MDN fetch workflow explicitly instructs runtime fetches of external JSON (e.g., https://unpkg.com/web-features/data.json and https://unpkg.com/@mdn/browser-compat-data/data.json) which are used as authoritative inputs to determine Baseline status and drive the agent's responses, so these URLs are runtime dependencies that directly control prompts/behavior.