website-refactor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly spawns a "content-extractor" to crawl and extract ALL content from a user-supplied ORIGINAL_URL (public website) and downstream teammates (designer, seo-manager, qa-auditor) read and act on that extracted content (content-inventory.md, src/data/*), so untrusted third-party site content can materially influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and invoking external companion skill packages via commands like "npx skills add saccoai/agent-skills@content-extraction -g" (and the corresponding ...@web-audit and ...@seo-migration), which fetch and run remote package code that the orchestrator depends on and that defines/controls teammate prompts and behavior at runtime.