snapshot-to-nextjs
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Wave 0 extraction explicitly scans HTML/CSS for external URLs and downloads them (see "Find All External URLs" / "Download Assets by Category" in Wave 0 / references/foundations-agent.md, and the Asset Download & Cataloging sections in SKILL.md). The agent therefore fetches and ingests arbitrary third-party web content, which can directly influence parsing, tokens, behavior specs, and build decisions.
Audit Metadata