mcp-client

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md (and references/mcp-servers.md) explicitly shows using the Playwright MCP tools (browser_navigate and browser_run_code) to visit arbitrary public URLs (e.g., page.goto("https://example.com") / "https://www.olx.ro") and return accessibility trees/HTML/snapshots that the agent is expected to read and use to drive further interactions, which exposes it to untrusted third-party web content that could carry indirect prompt injection.