ui-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and examples explicitly instruct the agent to open and inspect arbitrary deployed URLs (e.g., "browse open https://staging.your-app.com --context-id ...", exploratory Workflow B) and even inject/run a third‑party axe-core script from cdnjs.cloudflare.com, so untrusted web content can be fetched, interpreted, and influence test decisions and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill injects and runs a remote script at runtime from https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.2/axe.min.js (via browse eval) to perform axe-core accessibility audits, so it fetches and executes external code which the skill relies on for deterministic checks.