cro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Required Context explicitly asks for a "Page URL or description" and the Process (Standard Landing Page Audit step 1) instructs the agent to "review the page as a first-time visitor" and produce reports with screenshots/references, which clearly requires ingesting and acting on arbitrary public web page content.