testing-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's test runner templates and commands explicitly execute HTTP requests and browser navigations to arbitrary URLs (e.g., "command: curl -s https://api.example.com/...", WebFetch, and Playwright "navigate: https://...") and validate the returned content, so the agent will fetch and parse untrusted third-party web content as part of its workflow (tests/specs, create-tests, and run-tests handlers).