regulars

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Agent Prompt Template and workflow explicitly instruct agents to "Use the browser MCP tools to navigate the site at [URL]" and to "read the site's navigation/content to identify" flows, meaning the agents fetch and interpret arbitrary public website content (untrusted third-party pages) which directly drives clicks, form submissions, and follow-up actions.