pixel-perfect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to load and inspect live websites/clickable demos (see "Input preference order" and Phase 3 Mode A / references/measurement-chrome-devtools.md which use mcp__chrome-devtools__new_page / mcp__chrome-devtools__navigate_page), treating those arbitrary public pages as the primary measurement source and using their content to drive measurements, specifications, and implementation decisions—so untrusted third-party content can materially influence actions.