build-daisyui-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires calling the daisyui-blueprint-Figma-to-daisyUI tool with a Figma URL in the mandatory "Workflow — Figma to daisyUI" (FETCH → ANALYZE → GET SNIPPETS → BUILD), which fetches and analyzes user/third-party Figma content (and refers to using existing websites/images) that the agent must read and that can influence subsequent actions—creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP server configuration explicitly runs an npx install (e.g., "npx -y daisyui-blueprint@latest" shown in the MCP/VS Code setup and claude mcp command), which fetches and executes remote code at runtime and is required for the skill to operate, so it is a runtime external dependency that can execute code.