testing-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs browsing and interacting with arbitrary URLs (e.g., "npx playwright codegen https://example.com", "npx playwright screenshot … https://example.com", and "npx @axe-core/cli https://example.com"), so the agent would fetch and interpret untrusted public web pages whose content could influence generated tests or subsequent actions.