smartui-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's playbook and SKILL.md explicitly instruct running static crawls and visiting external URLs (e.g., "npx smartui --config .smartui.json capture urls.json" in §2 "Static URL Testing" and many page.goto(...) examples), which causes the tool to fetch arbitrary public web pages whose untrusted content can affect screenshots, diffs, approvals, and CI gating.