extract-page-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly opens arbitrary URLs (scripts/extract.mjs → openPage in scripts/lib/browser.mjs), injects and executes page scripts (scripts/inject/extract-*.js) to extract theme/markdown/links, and the SKILL.md Theme Clone Workflow shows the extracted third-party page content is interpreted to drive downstream outputs (CSS generation, reconstruction), so it clearly ingests untrusted public web content that can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's ensureDependencies() runs npm/npx at runtime to install and run Playwright and download Chromium (e.g., via the explicit mirror URL https://npmmirror.com/mirrors/playwright), which fetches and executes remote code required for the skill to run.