stably-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to run AI-powered commands that analyze DOM state, traces, screenshots and to "verify" arbitrary target URLs (e.g., stably verify ... --url <url>), meaning the agent will ingest and act on content from potentially untrusted/public web pages which can influence test-fixing and other automated actions.