site-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly runs Playwright browser_run_code that navigates arbitrary public websites (e.g., await page.goto("https://example.com") in Phase 1/2/3) and extracts links, forms, error messages, snapshots and page text which the agent ingests and uses to decide next actions (site mapping, test generation), so untrusted third‑party page content could indirectly inject instructions.