performing-clickjacking-attack-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary external web pages (see SKILL.md curl examples and scripts/agent.py functions check_frame_headers and check_javascript_frame_busting which use requests.get on target URLs), ingesting untrusted third-party content and using it to decide vulnerabilities and generate PoC pages, so external content can materially influence agent behavior.