htmlcsstoimage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly supports screenshotting arbitrary public URLs (see "4. Screenshot a Web Page (URL to Image)" and examples using url@/tmp/hcti_url.txt), meaning it fetches untrusted third‑party web content which the agent consumes as part of its workflow and could therefore enable indirect prompt injection.