well-actually

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs agents to "use [browser MCP] to visit the site at [URL]" and the Code Access Rules/Agent Prompt Template require browsing, inspecting DOM/CSS and reading source on arbitrary sites, so the agent will fetch and interpret untrusted third‑party webpages as part of its workflow, enabling indirect prompt injection.