nielsen-heuristics-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires reviewing "screenshots_or_links: URLs of screenshots, prototypes, or live site/app" and Step 1 of the Audit Procedure instructs the agent to "Review interface_description, screenshots_or_links", which means the agent is expected to fetch and interpret potentially public/untrusted web content that can materially influence its audit decisions.