live-site-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly accepts and audits live site URLs (e.g., "/audit-live-site https://example.com") and Tier 2/Chrome DevTools sections describe fetching and analyzing real site HTML/network/accessibility data, so the agent will ingest and act on arbitrary public website content (untrusted third-party) as part of its workflow.