htmlcss-to-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Popular actions explicitly include "Create Image from URL — Take a screenshot of any public webpage" and the documented "membrane request" proxy allows fetching arbitrary external endpoints, meaning the agent will fetch and render untrusted public-web content as part of its workflow.