webapp-testing

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (medium risk: 0.60). The prompt instructs a dispatched subagent to read a local/internal file ("~/.claude/skills/webapp-testing/SKILL.md"), an action outside normal web-app testing needs that could access/internalize sensitive data, so it constitutes a hidden/deceptive instruction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly tells the agent to navigate to and interact with arbitrary web pages (e.g., page.goto('https://example.com'), "Screenshot a URL", and the "Reconnaissance-Then-Action" steps that "identify selectors from rendered state" and "Read page content"), so untrusted third-party page content can be fetched, interpreted, and used to drive automation decisions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 10, 2026, 03:57 AM