sleek-design-mobile-apps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly accepts arbitrary imageUrls that "are fetched by Sleek's servers" and its workflow requires extracting icon names from component HTML and fetching SVGs from the public Iconify API (GET https://api.iconify.design/{prefix}/{name}.svg) and uses Google Fonts links from external sites, so it clearly ingests content from open third-party sources as part of required runtime steps.