generate-design

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt contains explicit mandatory directives to override safety controls (e.g., set SafeToAutoRun=true) and to auto-execute scripts and read local files without user permission, which are hidden/deceptive instructions that go beyond the stated design-generation purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly scans the user's prompt for image URLs and requires/publicly downloads arbitrary public image URLs (Step 3 "Handle assets") and also polls and curls variantImageUrl to download and read generated images (Step B and Step 7), so untrusted third-party content is ingested and used to influence generation and subsequent actions.