a11y-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's discover.js and scan.js explicitly fetch and crawl live site content (sitemaps, HTML pages, /api/* manifests, and page DOM) from the target runtime URL, and SKILL.md requires the agent to read and act on those scan results (Phase 2 results feed Phase 4 manual guidance and Phase 6 issue creation), so untrusted third‑party page content can influence the agent's decisions and tool actions.