prepare-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly invokes "stardust:extract --prep" (which runs the site extraction flow that fetches and analyzes pages from arbitrary URLs) and Phase 4 "assets prep" explicitly downloads external font files referenced in canon.css, so it ingests untrusted third‑party web content that can materially influence page typing, catalogs, and downstream actions.