frontend-designer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md "Live Documentation (Optional)" section instructs the agent to consult live third‑party docs (via Context7 and WebSearch against site:tailwindcss.com, site:ui.shadcn.com, site:react.dev) and states "live docs win" if they contradict bundled references, meaning the agent will fetch and interpret untrusted public web content at runtime and let it influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running remote-fetch/install commands and pulling registry JSON at runtime (e.g., registryDependencies: "https://example.com/r/custom-widget.json" and use of npx shadcn@latest), which would fetch and execute remote code or inject remote component source into the project during runtime.