test-fixer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to use browser_run_code / browser_navigate to visit public websites (e.g., https://www.olx.ro and other arbitrary URLs), capture DOM snapshots and visible text/links, and then use those results to change selectors and drive follow-up test-fixing actions, meaning it ingests untrusted third‑party web content that can materially influence behavior.