sg-record

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The recorder explicitly opens a user-supplied URL (sg-record invocation / sg-record.mjs page.goto(url)) and injects recorder-toolbar.js which reads element.textContent and other page data to produce recorded steps that actions-to-yaml.mjs turns into assert_text or llm-check entries, so arbitrary third‑party page content is ingested and can influence subsequent test execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The recorder opens the user-supplied target URL (e.g. http://localhost:6969) in Playwright and uses context.exposeFunction('__sgBridge', ...) which allows any script loaded from that remote page to call window.__sgBridge and inject arbitrary events that become recorded steps/manifests (i.e., remotely-controlled instructions), so the fetched URL can directly control the generated test instructions.