nemojs-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and reference files (e.g., SKILL.md, reference/playbook.md, reference/cloud-integration.md) include WebDriver actions like await nemo.driver.get(nemo.data.baseUrl + '/login') and explicit remote URLs (e.g., https://hub.lambdatest.com, https://staging.example.com), meaning the agent is expected to fetch and interpret arbitrary external webpages as part of test execution, so untrusted third‑party content can materially influence behavior.