bank-statement-processing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously opens and drives a real browser against the public WellsFargo site (e.g., manual login opens https://wellsfargo.com and wf_download.py's Playwright MCP calls extract page content and _extract_wf_navigation_candidates to read/navigation candidates and page text), so it ingests and acts upon untrusted third‑party web content that can influence navigation and downstream actions.