web-validation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow instructs the agent to fetch and validate arbitrary URLs (e.g., python lib/web_page_validator.py , validate_url/validate_pages_with_auth) and to execute and inspect page content (console logs, DOM/script execution, and even injecting axe-core from https://cdnjs.cloudflare.com/…), so untrusted third‑party pages and scripts are read/interpreted and can influence validation results and automated remediation/CI decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill largely performs safe web validation tasks but explicitly suggests bypassing security (e.g., "Run as administrator or disable antivirus temporarily") which encourages privilege escalation or disabling protections, so it can push the agent to compromise the host.