qa-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly asks for a URL ("Step 1 — Get the URL") and instructs the agent to "navigate there" and use the browser to click through and interpret the live site, so it will fetch and act on arbitrary public/untrusted web content which could contain injected instructions.