qa-systematic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs the agent to navigate to and inspect the application's root URL and to visit and analyze each page (Phase 3 "Navigate to root URL" and Phase 4 "For each page, run the per-page checklist") using browser automation (Playwright/agent-browser), which means it will fetch and interpret arbitrary web pages (potentially public/untrusted content) as part of its decision-making and testing actions.