flowsterix-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The DevTools "Steps" element-grabber explicitly exports captured element HTML/componentTree as JSON and the "AI Workflow" section instructs copying/pasting that export into an AI to generate flows, so the agent would ingest untrusted, user-provided page/DOM content (exported from arbitrary pages) that could carry indirect prompt injection.