ui-design

Warn

Audited by Snyk on Apr 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's generate_image.py explicitly accepts --ref values that can be http/https URLs (resolve_ref + download_file) and downloads arbitrary reference images which are then passed as reference_images to the model/edit_image API — and SKILL.md warns that reference images "constrain what AI will copy" — meaning untrusted third‑party content can directly influence generation and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The startup script scripts/ask_draw.sh will auto-run pip install google-genai at runtime (fetching and installing code from PyPI, e.g. https://pypi.org/project/google-genai), which pulls and executes remote package code that the skill requires to operate.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 28, 2026, 01:23 AM
  • Issues: 2