ux-extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Discovery" and "Capture Phase" explicitly requires crawling and fetching content from a target web app (checking /sitemap.xml and /robots.txt, nav crawl, in‑app discovery) and using Playwright/Chrome MCP to capture screenshots, copy verbatim text, inject JS, and download assets from public sites — i.e., it ingests untrusted third‑party web content as part of its workflow.