ui-wireframe-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "ktr fetch" feature (see "Fetch Command" and "How It Works" step 1) explicitly fetches and parses HTML from arbitrary external URLs on the open web and injects text/meta content into .kui files, meaning the agent will read and interpret untrusted third‑party page content and could be exposed to indirect prompt injection.