qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly tells the agent to navigate to and interact with arbitrary target web pages (e.g., "$B goto " in Phase 3/Phase 4 and the per-page exploration steps in SKILL.md), snapshot and read page HTML/links/console output, and then act on that content—therefore it ingests untrusted third‑party web content that can materially influence actions.