design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read external repositories and URLs and to import brand presets (see SKILL.md "When the user provides a repository URL or pastes source code" and references/design-reference.md "Brand preset flow" / "When only a URL is provided"), so it ingests untrusted third‑party content that the agent is expected to interpret and that can materially change design decisions and generated code.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's "Brand preset flow" explicitly tells the agent to run npx getdesign@latest add <brand> with user approval and then "read the generated DESIGN.md" from the VoltAgent catalog at https://github.com/VoltAgent/awesome-design-md, which means it may fetch and execute remote npm code and ingest external files at runtime that could directly control prompts or execute code.