qa-browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate to and read arbitrary web pages (e.g., Phase 3/4 use of mcp__claude-in-chrome__navigate and mcp__claude-in-chrome__read_page) and even includes examples fetching external pages (curl https://example.com | python scripts/accessibility_auditor.py -), so the agent ingests untrusted public web content which is then used to drive testing, triage, and automated fix decisions.