efecto-web-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and ingest external content — e.g., using the search_images tool (Lummi image URLs) and importing CSS/design tokens from "a user's repo" or arbitrary CSS files via set_theme — which are untrusted third-party sources and are read/used at runtime to drive theme, image, and design tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). I flagged https://efecto.app (and the related install command "npx -y @efectoapp/mcp") because the skill requires the Efecto MCP server and explicitly instructs running npx to fetch-and-execute remote code at setup/runtime, which the agent depends on to operate.