wp-static-clone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Phase 1 and Phase 2 and AGENTS.md) explicitly fetches a live site's sitemap (sitemap_index.xml / sitemap.xml) and then wget-scrapes every URL, assets (including robots.txt, Yoast XSL, Gravatars), and the agent parses that scraped HTML (rewrite-paths.py, strip-wp-runtime.py, selfhost-gravatars.py, etc.) to drive rewrites, removals, and deployment decisions — i.e., untrusted public web content is ingested and directly influences tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly curls the source site's sitemap (e.g. https://example.com/sitemap_index.xml and any child sitemap URLs it references) at runtime and uses those fetched XML URLs to build urls.txt which directly drives the agent's scraping actions, so remote content controls runtime behavior and is a required dependency.