app-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary remote or localhost URLs (Phase 0: "Determine Target URL") and uses Playwright MCP to take accessibility snapshots and analyze page structure (Phase 1: "Use browser_navigate" and "browser_snapshot") — meaning it fetches and interprets untrusted third-party web content and then drives tests/actions based on that content.