flow-walk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md) instructs Playwright to navigate to URLs from the flow YAML (page.goto(url)) and explicitly tells the agent to read/inspect the current page URL/DOM and screenshots to "Evaluate expect", meaning it ingests and interprets potentially untrusted public web content from arbitrary targets defined in .flowchad/flows/{name}.yml.