qa-web-test

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly navigates to and inspects a user-supplied target URL and reads the current page text (see SKILL.md and steps/step-01-connect.md), and then executes JS to extract DOM/content (steps/step-03-emulate-and-capture.md and steps/step-04-*.md), which clearly ingests untrusted third-party web content that can influence subsequent tool actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 09:15 AM
Issues: 1