cc4d

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 3 explicitly instructs "If they provide a link: Use WebFetch to analyze the reference site" (steps/03-gather-idea.md), meaning the agent will fetch and interpret arbitrary user-provided public websites and use those observations to guide building decisions, which could allow indirect prompt injection from untrusted web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls for using WebFetch at runtime to fetch and analyze an arbitrary user‑provided design reference URL (i.e., the external URL the user supplies, fetched via WebFetch such as https://), and then uses the extracted content to drive the agent's build instructions — so fetched external content directly controls prompts/behavior.