web-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's examples and commands (e.g., Playwright page.goto / codegen to external URLs, npx @axe-core/cli https://example.com, npx lighthouse https://example.com, OWASP ZAP/nuclei scans against URLs) clearly instruct runtime fetching and analysis of public websites, which are untrusted third‑party content the agent would read and interpret.