qa-only

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly visits and analyzes arbitrary external websites (see the "Target URL" parameter and repeated $B goto / $B snapshot / "open " commands in SKILL.md, plus curl of https://bun.sh/install during setup), so it ingests untrusted third‑party web content that can materially influence testing actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup step conditionally runs a curl to fetch and then bash-executes the remote installer script at https://bun.sh/install (curl -fsSL "https://bun.sh/install" -o "$tmpfile" && bash "$tmpfile"), which is a runtime fetch that executes remote code as a required setup dependency for the browse workflow.