container-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Browser Full Test" checklist explicitly requires launching browsers and to "Navigate to real websites (not just localhost)," which compels the agent to fetch and interact with arbitrary public web content (untrusted/user-generated) as part of its required workflow and thus could allow indirect prompt injection.