website-to-hyperframes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 capture flow explicitly fetches and ingests arbitrary public website content (via npx hyperframes capture <URL>) into files like capture/extracted/visible-text.txt, asset-descriptions.md, screenshots/, shaders.json, etc., and the SKILL.md and references require the agent to read and act on those untrusted, user-supplied web artifacts to drive script, storyboard, and composition decisions—allowing third-party page content to influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs a runtime capture command (npx hyperframes capture , e.g. https://stripe.com) that fetches a user-supplied website into capture/ and then directly injects the extracted visible-text, tokens, and assets into downstream prompts and sub-agents to generate DESIGN.md, SCRIPT.md, and STORYBOARD.md, so remote content controls the agent's instructions.