qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates and inspects arbitrary external URLs and runs WebSearch as part of its required workflow (e.g., $B goto used throughout Orient/Explore/Diff-aware phases and "Use WebSearch" in Test Framework Bootstrap B2), so it ingests untrusted public web content that can materially influence its testing, fix, and commit decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup step will, at runtime, curl and execute the remote installer script from https://bun.sh/install (downloaded to a tmpfile and run with bash), which fetches and runs remote code as a required dependency for the browse/bootstrap flow.