frontend-ui-clone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and renders an arbitrary user-supplied TARGET_URL (see Phase 2 Level 1 "Render & Scroll" using Playwright page.goto(TARGET_URL)) and then extracts the rendered DOM/CSS and downloads external styles/assets (Step 3 and Optional Asset Download), meaning it ingests untrusted public web content which is read and used to determine extraction strategy and injected behaviors.