webapp-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly lets the agent "Navigate to URLs" and says it can test "a locally running web application (or accessible URL)" and includes workflows that "verify text content", "inspect console logs", and interact with page elements — showing the agent will fetch and interpret third-party web pages (not just local) as part of its runtime testing, which could allow indirect prompt injection from untrusted web content.