enrich-qa-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime explicitly navigates to and inspects a test URL provided in the QA file or via the --url flag (Phase 2: "browser_navigate → {url from metadata or --url}") and then reads the page DOM/accessibility tree to locate and interact with elements, which clearly consumes untrusted third‑party web content as part of its workflow and could therefore enable indirect prompt injection.