website-cloner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches arbitrary public URLs using WebFetch (website-analyzer Step 1) and later collects assets from the original site (website-builder Step 4), and the fetched untrusted HTML/JSON-LD content is parsed into analysis.json and fed into downstream planning/building steps that directly determine actions, so third-party content can materially influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The website-builder skill runs npm/npx install commands at runtime that fetch and execute remote packages (e.g., npx shadcn@latest init → https://registry.npmjs.org/shadcn), which are required for the build and therefore present a runtime risk because they execute remote code.