takeoff-ui-vite-frontend-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to query an external MCP server (e.g., the remote URL https://takeoffui.turkishtechlab.com/mcp and the "use takeoff-ui-mcp" usage tips) and to consult public TakeOff UI docs (takeoffui.com), so the agent will fetch and interpret untrusted third‑party web content for component discovery and examples.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill configures and recommends using the remote MCP server at https://takeoffui.turkishtechlab.com/mcp at runtime (used via the "mcp-remote" argument and "use takeoff-ui-mcp" prompts) which provides component suggestions and code-refactoring capabilities that directly influence agent prompts/instructions and is relied upon for the MCP-assisted workflows.