visual-qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to capture or ingest screenshots from the current page and from arbitrary image URLs ("browser: screenshot" and "image: [path or URL to screenshot]"), meaning the agent will read and act on visual content from open/public web pages or URLs which could contain untrusted, user-generated text that influences its analysis and next actions.