convert-url-to-nextjs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs live captures of arbitrary public URLs and mirrors/downloads external DOM, CSS, JS, fonts and images as part of the required Capture Wave (see references/capture-workflow.md "Concrete Capture Loop" and the live-capture/asset mirroring rules in references/foundations-agent.md), so untrusted third‑party page content is ingested and directly influences extraction and build decisions.