setup-client-website

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Phase 1 steps explicitly instruct an agent to use WebFetch and an isolated browser to crawl the client's existing site and extract full page text, headings, CTAs, images, iframes (e.g., Vimeo/YouTube/Calendly) and other content (see "Phase 1: Audit and Research" — 1b Crawl All Pages and 1c Extract Visual Assets), which are untrusted third‑party pages whose content the agent must read and whose outputs drive subsequent scaffolding and actions.