ui-cloner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks the user for a URL and instructs Phase 1 (ui-cloner-forensic-audit) to "analyze the target URL," meaning it will fetch and interpret content from arbitrary public websites (the supplied URL) which can directly influence subsequent tool actions and prompts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly accepts and analyzes a user-provided target website URL (the site being cloned), invoking the forensic audit at runtime to fetch and use that remote site's content to generate replication prompts, so the user-provided URL is a runtime external dependency that directly controls prompts.