lettuce-skill

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required step definitions and playbook explicitly perform HTTP requests and load page content from world.base_url or arbitrary endpoints (e.g., the "I send a (\w+) request to "(.*)"" and requests.get/world.browser.get examples in reference/advanced-patterns.md and reference/playbook.md), meaning the test runner will ingest untrusted public web/API content (including tokens and page_source) that can materially change subsequent behavior like authentication headers and assertions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 10:48 AM