ui-cloner-forensic-audit

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly instructs a step-by-step "UI cloning" pipeline that automates exhaustive extraction of a target site's DOM, visuals, animations, and technical stack to produce a reproducible "Site DNA" — a workflow that clearly facilitates intellectual-property theft, brand impersonation, and phishing (no direct malware/exfiltration code present, but the intent and operational guidance are deliberately enabling misuse).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged: the skill explicitly directs the agent to analyze a target URL and run in-page console probes and screenshots that read the document DOM, element textContent, computed styles, and other page assets (see Overview and Steps 1.1–1.8), thereby ingesting arbitrary public webpage content that can influence subsequent tool use and decisions.