webapp-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's core capability "Navigate to URLs" and examples using page.goto plus the note "a locally running web application (or accessible URL)" show the agent can browse arbitrary web pages and capture/inspect their content (titles, text, console logs, screenshots), which exposes it to untrusted third-party content that could carry indirect prompt injections.