chart-craft-plus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly calls the brand-design-md flow (e.g., "cd /tmp && ... && npx getdesign@latest add " and "读生成的 DESIGN.md，提取 token 应用") to fetch DESIGN.md for a user-specified brand slug, which ingests external third-party content and uses its tokens to directly change generated HTML/CSS styles and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Flagged the runtime npx command "cd /tmp && mkdir -p design-md-tmp && cd design-md-tmp && npx getdesign@latest add " because the skill explicitly runs npx at runtime to fetch and execute remote package code and then reads the fetched DESIGN.md to extract CSS tokens that directly control the agent's output/style instructions.