frontend-checklist-global

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow can ingest outsider-authored free text when the user supplies a public URL to audit_url, causing the agent to fetch and read arbitrary third-party page content (public web content category) into the LLM context for auditing.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly relies on MCP retrieval of the Front-End Checklist rules at runtime and references the raw rules URL https://frontendchecklist.io/llms-full.txt, which would be fetched to supply the rule text that directly controls agent prompts and outputs.