resilience-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly asks for a "Target URL" (Phase 2) and instructs opening a browser session to load and inspect that site and its external resources (Phase 3: "Open a browser session with new_session", use of page.route(), get_browser_console_logs(), blocking/inspecting third‑party domains), so it will fetch and interpret arbitrary third‑party web content which can influence testing decisions and follow-up actions.