qa-electron

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (see SKILL.md Phase 8 "Security spot-check" and the Phase 3/4 instructions) explicitly directs the agent to enter/click external URLs and to inspect renderer content (e.g., user-generated chat/message areas and use of playwright-cli goto/eval), which causes the agent to load and interpret untrusted, public third‑party pages; this clearly exposes it to indirect prompt-injection via third-party web content.