visual-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly opens and navigates arbitrary webpages via Chrome CDP (e.g., scripts/open-tab.mjs --url , navigate.mjs, and resolveTab/--match usage) and then evaluates and inspects page DOM/content (e.g., dom-assert.mjs running custom scripts that read document.body.innerText, inspect-dom.mjs, annotate-screenshot.mjs), so untrusted/public third‑party page content is ingested and can directly influence assertion outcomes and subsequent actions.