user-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires launching Chrome and navigating to arbitrary user-supplied/public URLs (e.g., "/user-test --url https://your-app.com") and lists Playwright tools like browser_navigate/browser_snapshot that cause the agent to fetch and interpret live third-party web pages as part of its testing workflow, so untrusted web content can influence its actions.