visual-qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly directs the agent to navigate to and interact with a user-provided app URL (Phase 1: "Get the URL from the user"; Phase 2: "Navigate to the app URL (mcp__claude-in-chrome__navigate)"), and to read page content and the accessibility tree (Visual Inspector uses read_page) as part of its testing workflow, which exposes the agent to untrusted third-party content that can influence actions.