clone-website

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly extracts a target URL from the user request and scrapes content from arbitrary public websites using Firecrawl (firecrawl-mcp___firecrawl_scrape / fallback crawl), then reads and analyzes the scraped HTML/markdown and images in Phase 2, so it consumes untrusted third‑party web content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes firecrawl-mcp___firecrawl_scrape at runtime to fetch the user-supplied TARGET_URL (e.g., [TARGET_URL]), and the scraped page content is injected into the mandatory analysis and subsequent code-generation steps, so the remote content directly controls agent prompts and is a required dependency.