e2e-flow-verifier

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md test flow explicitly navigates to arbitrary base URLs (page.goto('{{base_url}}')) and reads page content and API responses (expect(...), page.request.get('/api/{{resource}}')) as part of assertions, which exposes the agent to untrusted third-party web content that could inject instructions.