accessibility

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts a user-supplied target URL and runs live scans against it (see the SKILL.md bash workflow: check_server uses curl and run_axe_analysis / run_pa11y_analysis run npx axe "$TARGET_URL" and pa11y "$TARGET_URL"), so it fetches and analyzes arbitrary public web pages (untrusted third‑party content) and uses the analysis output to drive reporting and remediation decisions.