ui-reverse-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires a reference URL and routinely opens and scrapes live sites (see SKILL.md "URL input" and "First action — always" which runs agent-browser on ), downloads and reads third‑party CSS, images, fonts, and JS bundles (see asset-extraction.md and bundle-analysis.md), and uses those extracted DOM/CSS/JS values (e.g., transition-spec.json, bundle-map.json) to drive tool use and generation — therefore untrusted external content is ingested and can materially influence agent behavior.