page-cro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires getting a live page URL or page content ("Before You Start" step 1: "Get the page URL or content — Either a live URL, screenshot, or the page code/copy"), so the agent is expected to ingest and interpret arbitrary public web pages (untrusted third‑party content) as part of its audit workflow, which could enable indirect prompt injection.