wcag-audit-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow instructs running automated scans against websites (SKILL.md step 1) and the playbook includes examples that fetch arbitrary URLs (resources/implementation-playbook.md: npx @axe-core/cli https://example.com and Playwright page.goto('/')), so the agent will ingest and act on untrusted third‑party web content which can materially influence audit decisions.