a11y-debugging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs fetching public web content (e.g., the "Reading web.dev documentation" note about appending .md.txt to fetch web.dev articles) and the core workflow requires navigating to arbitrary pages and using tools like take_snapshot, evaluate_script, list_console_messages and Lighthouse whose outputs the agent reads and acts on, so untrusted third‑party page content can materially influence behavior.