dogfood

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly navigates to arbitrary target application URLs (e.g., "camofox navigate "https://target-app.com\"" in Phase 2 and subsequent phases) and captures/examines page snapshots, DOM elements, console logs, and other runtime data as part of the agent's testing loop, meaning untrusted third‑party web content could be ingested and influence subsequent tool actions.