ux-audit
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly drives a browser against live web apps (SKILL.md Phases 1–3 discovery/walkthrough, "Public site → Playwright MCP", sitemap/nav crawl, interaction manifest) and injects third‑party assets (axe-core from the CDN at references/a11y-automation.md), so it routinely fetches and interprets untrusted public web content as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly injects and runs axe-core at runtime via the CDN URL https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.0/axe.min.js — a required runtime fetch that executes remote JavaScript inside the audited page.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).