qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Subagent Prompt Template and Tool Selection Rules explicitly instruct the agent to open and interact with user-supplied URLs via agent-browser/browser_navigate and to use browser_snapshot and DOM element refs for clicks/fills, so arbitrary public web pages could be ingested and influence the agent's subsequent actions.