peach-e2e-scenario

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly uses agent-browser/CDP commands (e.g., SKILL.md steps like "DOM 선조사" and examples such as agent-browser eval "document.querySelector(...)", agent-browser connect 9222, and curl http://127.0.0.1:9222/json to list tabs) to read the live DOM/URLs of arbitrary browser tabs (including external sites like Google/Gmail), and that untrusted third‑party page content is parsed and used to generate/modify E2E scripts and drive execution decisions, so third‑party content can materially influence the agent's actions.