cloning-websites-to-weaverse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires scraping arbitrary reference URLs with Firecrawl (see Workflow step 3 and Firecrawl Rules) and ingests the returned HTML/markdown to build a content manifest and drive cloning, section-matching, and code-generation decisions, meaning untrusted third-party page content can materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires runtime scraping of arbitrary external reference sites via Firecrawl (e.g., the command firecrawl scrape "") and explicitly uses the fetched HTML/markdown as a required input that directly drives agent decisions and content injected into the preview/manifest, so the external "" used with Firecrawl is a high-confidence runtime dependency that can control the agent's prompts.