pixel-pusher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and analyze user-provided/public URLs (see Stage 2: "If user provides URLs, fetch them first to analyze the design patterns" and the example workflows that request competitor URLs), so the agent will ingest arbitrary open-web content (untrusted/user-provided) as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary user-provided reference URLs at runtime (e.g., "user-provided reference URLs" / competitor/inspiration URLs supplied by the user) and injects their content into the model to extract design systems and drive generation, so external content can directly control prompts and is required before progressing.