ralph-kage-bunshin-start

Warn

Audited by Snyk on Mar 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's "UI Clone Detection" workflow explicitly instructs the agent to invoke /ui-capture on a user-provided reference URL (capturing full-page screenshots, videos, and regions.json) and then use those captured third-party page assets to pre-fill the Goal dimension and scope tasks, which clearly ingests untrusted public web content that can influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). This skill invokes /ui-capture to fetch user-provided reference pages at runtime (e.g., the example reference URL https://example.com) and uses the captured assets/regions.json to pre-fill the Goal dimension and drive spec/task generation for clone projects, so external page content can directly influence the agent's prompts/context and is a required dependency for cloning flows.

Issues (2)

  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 28, 2026, 02:34 PM
  • Issues: 2