web-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate to and interact with arbitrary web pages (e.g., page.goto('https://example.com') and chrome.navigatePage(...) ) and to evaluate/act on page content (page.evaluate, snapshot element lookups, click elements by text), so it clearly fetches and interprets untrusted public web content as part of its workflow.