accessibility-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly supports scanning arbitrary URLs (Audit Scope "a URL") and instructs the agent to navigate to the user-provided site via mcp__playwright__browser_navigate, ingest the page (title, accessibility tree, screenshots, console messages) and base audit actions on that content, which exposes the agent to untrusted third-party webpages that could supply instructions or data influencing subsequent actions.