web-page-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes arbitrary webpages (e.g., asset-extraction.md calls get_page_map/firecrawl_map, data-generation.md calls get_page_markdown and Firecrawl batch_scrape, and prototype-restoration.md uses get_page_screenshot and download_page_data), and those untrusted public page contents are read and used to drive theme/data/doc/prototype generation—so third‑party content can materially influence agent actions.