test-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI scripts (e.g., navigate.js, aria-snapshot.js, snapshot.js, evaluate.js, network.js and console.js) accept arbitrary --url values and load/scrape public web pages and their DOM/console/network data, so the agent will read and interpret untrusted, third‑party user-generated web content at runtime.