testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's browser-testing patterns (references/browser-testing.md) instruct the agent to navigate to arbitrary URLs and extract/read page content (read_page, get_page_text, read_console_messages) — including "any logged-in site" like Gmail/Notion — which means it will ingest untrusted third-party web/user-generated content at runtime.