extract-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow (steps 1–2) explicitly runs npx designlang on arbitrary website URLs and reads the generated markdown (design-extract-output/*-design-language.md), meaning the agent ingests and interprets untrusted public web content from those URLs which can influence its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running "npx designlang ", which at runtime fetches and executes remote code from the npm registry (e.g., https://registry.npmjs.org/designlang), so this external dependency is executed during runtime and is required for the skill to operate.