website-to-hyperframes

Warn

Audited by Snyk on Apr 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and capture arbitrary websites via "npx hyperframes capture " (references/step-1-capture.md) and to read and summarize extracted third‑party content such as capture/extracted/visible-text.txt and capture/extracted/asset-descriptions.md. It then uses those page texts and assets to drive SCRIPT.md, STORYBOARD.md and composition decisions (references/step-3-script.md, step-4-storyboard.md), so untrusted web content is ingested and can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and ingests an arbitrary website at runtime via the capture command (npx hyperframes capture , e.g. https://stripe.com). It then reads the extracted files (visible-text, tokens.json, asset-descriptions.md, etc.), which are used directly to drive prompts/instructions and downstream content generation, so a malicious or crafted target URL could supply content that controls the agent.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 07:21 PM
Issues: 2