create-site

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires using WebSearch to find and select photos from Unsplash (public, user-generated content) and to inject axe-core from a CDN as part of its mandatory workflow, so the agent will fetch and interpret open third‑party content (Unsplash pages and remote CDN scripts) which can materially influence asset choices and tool actions and therefore could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Phase 6 explicitly states it "injects axe-core from CDN" at runtime to run accessibility audits, which means the skill fetches and executes remote JavaScript (axe-core) as a required runtime dependency (i.e., an external CDN URL is loaded and executed).