convert-snapshot-nextjs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Wave 0 extraction explicitly requires discovering and downloading external URLs (e.g., "Find All External URLs" and "Download Assets" in references/foundations-agent.md Step 11 and the SKILL.md rule "Download remote assets during Wave 0 and map them to local paths"), so the agent will fetch and parse arbitrary public third‑party resources referenced by snapshots and use their contents to drive token extraction and build decisions.