aios-long-running-harness

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The harness workflow explicitly requires verifying step completion from page evidence and the repository-level guidance references using browser MCP calls and page.extract_text / page.get_html to capture page/html evidence, which implies the agent will fetch and interpret web page content (potentially open, third-party pages) as part of runtime decisions.