design-polish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs WebSearch and uses a capture script to fetch public reference URLs (e.g., dribbble.com, mobbin.com, godly.website) in "3단계 트렌드 검색" and "3-3. Bash로 레퍼런스 캡처" and then calls Read on those captured references for gap analysis and to drive improvements and optional code edits, so untrusted user-generated third‑party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs a runtime capture step that fetches arbitrary third‑party pages (e.g., node "${CLAUDE_PLUGIN_ROOT}/scripts/capture.cjs" ref "https://dribbble.com/shots/..." or ref "https://site1.com") and then Read() ingests those screenshots into the agent context, meaning external content fetched at runtime is injected into the model's input and can directly influence its outputs.