app-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow requires browsing a user-specified app URL and reading/interpreting page content (see "Get App Details" and "Discover All Routes" in SKILL.md — it uses browser automation to navigate pages, read sidebars/menus, wait for data, and "Just do it" autonomously), so untrusted third-party web content can directly influence agent actions.