qe-security-visual-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows runtime fetching and analysis of arbitrary public URLs (e.g., the workflows "aqe test visual-audit --url https://example.com" and the BrowserSecurityScanner.scanUrl example) and describes scanning pages for PII, security issues, and accessibility, so untrusted third‑party page content is read and can influence masking, blocking, and follow-up actions.