validate-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The workflow explicitly requires adding a GitHub URL as a project (Phase 1, "Add Project (GitHub URL)"), clicking/validating artifact PR/commit/branch links and external links in assistant messages (Phase 5.9, 8.8), and interacting with those opened pages, which means the agent will fetch and act on untrusted public/user-generated web content (GitHub and arbitrary external links) as part of its required tests — exposing it to possible indirect prompt injection.