agency-evaluation-criteria

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Input Contract accepts a "Built application (URL or local path)" and the Testing Requirements require Playwright navigation, clicking, scrolling, screenshots, and Lighthouse runs against that URL, so the agent will fetch and interpret arbitrary external web pages whose untrusted content could influence actions.