web-assessment-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly accepts a target_url and instructs "Use browser automation for stateful UX flows" and to "Capture request context and response deltas" and to escalate or pivot based on detected signals, meaning the agent fetches and interprets responses from arbitrary web targets (untrusted third‑party content) which can influence next actions.