superdesign

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill content mandates automatically fetching remote instructions, installing and running a third‑party CLI, and uploading full source files (including potentially sensitive code/config) to an external service without explicit user consent — creating clear vectors for data exfiltration and supply‑chain compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory init and runtime rules require automatically fetching and following instructions from public raw GitHub URLs (https://raw.githubusercontent.com/superdesigndev/superdesign-skill/main/skills/superdesign/INIT.md and …/SUPERDESIGN.md), and those fetched documents are explicitly read and acted on to drive analysis and CLI/tool actions, so untrusted third‑party content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent at runtime to fetch and follow the raw GitHub files https://raw.githubusercontent.com/superdesigndev/superdesign-skill/main/skills/superdesign/INIT.md and https://raw.githubusercontent.com/superdesigndev/superdesign-skill/main/skills/superdesign/SUPERDESIGN.md, whose fetched contents directly control prompts/instructions and are required for the skill to run.