ui-reverse-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill requires the agent to fetch and ingest arbitrary live website content provided by a user URL (see SKILL.md "URL input" and first-action pipeline), and its required steps explicitly download and read third-party CSS, JS bundles, images, fonts and DOM state via agent-browser eval (see asset-extraction.md "Download original CSS files (MANDATORY)", bundle-analysis.md "Download ALL loaded chunks (MANDATORY)", and many agent-browser eval/record/download commands), and those extracted, untrusted artifacts are then parsed to build transition-specs and drive generation/verification — so untrusted third-party content can materially influence the agent's actions.