frontend-reactor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Mode C and validation workflows explicitly fetch and crawl live public URLs (using frontend-ui-clone and Playwright in Phase 0C and Phase 6 / knowledge/site-discovery.md and knowledge/playwright-validation.md), produce a runtime JSON of interactive elements, and then use that data to drive component fixups, link rewrites, auto-fixes, and validation — meaning untrusted third‑party page content is ingested and can materially alter the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Mode C explicitly fetches and parses the user-provided HTTP(S) site at runtime (e.g., https://linear.app) via Playwright/frontend-ui-clone, and the retrieved HTML and interactive JSON are used directly to drive the conversion prompts and generated code, so that external URL content can control agent behavior.