scanning-accessibility

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and examples explicitly instruct scanning arbitrary web pages/URLs (e.g., Playwright/axe-core tests with page.goto, the Pa11y config "urls" entries, and the example_scan_results.scan_url), and scripts/README even references fetching WCAG guidelines from the web, so the agent will fetch and interpret untrusted public web content as part of its workflow.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 05:23 PM
Issues: 1