website-cloner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill navigates to arbitrary user-supplied URLs via the /clone-website command and its sub-agents (website-screenshotter and website-extractor using Playwright) fetch/download assets and extract styles/content into public/ and context.md, causing the agent to ingest untrusted third‑party webpage content.