browse-qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and "use browse to read" arbitrary third‑party URLs and issue pages (e.g., "GitHub issue — use browse to read the issue page", "URL — user provides a ticket URL", and examples opening mumzworld.com), and then to interpret acceptance criteria from those pages to drive testing and tool actions, which allows untrusted web content to influence subsequent tool use.