qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md: Setup "Target URL (required)" and Phase 3/Phase 4) instructs the agent to navigate to arbitrary target URLs and to $B goto, follow links, click elements, and fill forms on those pages—clearly fetching and interpreting untrusted third‑party web content which can directly influence the agent's actions.