qe-testability-scoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "RUN assessment against target URL" and contains Playwright/Vibium code and workflow steps (e.g., browser_navigate, browser_find, extracting ARIA labels, collecting console errors) that navigate to and ingest arbitrary public URLs and page content, which the agent uses to compute scores and drive follow-up actions, exposing it to untrusted third‑party content.