visual-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill autonomously opens arbitrary external URLs (e.g., batch-scroll.sh / batch-compare.sh using ORIG_URL/IMPL_URL and agent-browser open/eval), extracts DOM/text/SVG via agent-browser eval (computed-diff.sh, layout-diff.sh), and Phase E explicitly mandates the LLM to read every reference+implementation image pair and DOM-derived data — so untrusted public web content is ingested and directly influences verification decisions and follow-up actions.