qa-run

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly navigates to and runs browser flows against an arbitrary --base-url (and external sites like Gmail/Outlook) and executes flow steps from qa/browser-flows, meaning the agent will fetch and read untrusted public web pages as part of its workflow and those pages could influence subsequent actions.