maestro-e2e

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables scripts to perform HTTP requests to arbitrary external URLs (see rules/advanced/javascript.md with examples using http.get/http.post and env API_URL) and supports web testing with arbitrary url/openLink (rules/platforms/web.md), so the agent can fetch and interpret untrusted third-party content as part of its workflow.