harnass-engineer-final-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's production-final-audit workflow explicitly uses chrome-devtools to visit and inspect the deployed production surface and public pages (see production-final-audit steps "inspect-repo-and-surface" and "run-module-smoke-checks" plus SKILL.md's "use chrome-devtools for UI-facing production audits"), meaning it fetches and interprets untrusted public/user-visible page content which directly drives audit decisions and release signoff.