testing-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and scripts explicitly instruct the agent to fetch and inspect arbitrary URLs (e.g., page.goto(args.url) in scripts/verify.py, snapshot.py, screenshot.py) and SKILL.md Phase 5 says "The agent copies the Verify command, runs it, and confirms pass/fail", so the agent will ingest untrusted third‑party page content (accessibility trees, console errors, page text) that can materially influence its verification decisions.