ui-cloner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 1 (references/phase1-site-dna.md and SKILL.md) explicitly instructs the agent to navigate to arbitrary user-supplied URLs in Chrome and extract DOM, stylesheets, @keyframes, scripts (GSAP/Lottie/etc.), and scroll/hover behaviors, and Phase 4 then pastes that extracted third‑party code into build prompts and uses it to decide libraries and runtime actions — meaning untrusted web content is fetched, interpreted, and can directly change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly opens and crawls a user-provided target URL (e.g., https://example.com) at runtime and extracts remote DOM/CSS/GSAP/Lottie code and @keyframes which are then pasted into build prompts and used to drive execution, meaning arbitrary external site content can directly control prompts or executed animation code.