preview-testing

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Claude-in-Chrome MCP workflow explicitly navigates to and reads arbitrary preview URLs (e.g., mcp__claude-in-chrome__navigate to https://your-app-xyz.vercel.app followed by mcp__claude-in-chrome__read_page / read_console_messages), which ingests and interprets untrusted public/user-provided web content from PR preview deployments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly navigates to and reads external preview pages at runtime (e.g., https://your-app-abc123.vercel.app / https://your-app-xyz.vercel.app), and that fetched page content is fed into Claude-in-Chrome (read_page/find) which directly influences the agent's prompts/decisions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:34 AM