clone-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests live third-party webpages and assets (e.g., Phase 0 “Acquire sources” → .clone-ui/source/raw.html, .clone-ui/source/rendered.html, screenshots, and the optional .clone-ui/source/.clone-ui/mirror/ mirror) and requires the agent to read and act on that content as the primary fidelity reference for planning and implementation, which meets the criteria for exposure to untrusted, user-generated web content that could carry indirect prompt-injection.