ui-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly records and scrapes arbitrary public websites and authenticated browser tabs (see SKILL.md/README examples like "Analyze stripe.com" and the scripts/scripts-extract-website.sh and lib/website-extractor/browser.js record-website flow) and then ingests and interprets that content to generate design systems, implementation recommendations, and automated Figma pushes, so untrusted third‑party content can directly influence agent decisions and tool use.