qa-web-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to user-supplied target URLs (SKILL.md and steps/step-01-connect.md) and uses evaluate_script and other DevTools actions to read and interpret page DOM/CSS (steps/step-03-emulate-and-capture.md and steps/step-04-css-inspection.md), so arbitrary public/untrusted webpages can be ingested and materially influence testing decisions and tool actions.