ui-demo
Warn
Audited by Snyk on Apr 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Discover and Rehearse phases explicitly navigate to and evaluate arbitrary web pages—e.g., the Discover page.evaluate DOM dump (document.querySelectorAll('input, select, textarea, button, [contenteditable]')) and the script template's page.goto(${BASE_URL}/dashboard) plus ensureVisible's visible-element dumps—so it ingests untrusted third-party page content that directly drives selector choice and subsequent actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata