using-meticulous

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to read and diff full HTML snapshots from recorded pages (the before.dom fields in ~/.meticulous/replays/.../*.metadata.json, described in "Step 4 — Analyze the HTML diff for each diffed screenshot"), which are page contents captured from the live/original recorded URL and therefore can be untrusted or user-generated and are used to drive analysis and decisions about regressions.