accessibility

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Automated testing" section explicitly shows running lighthouse/axe against external URLs (e.g., npx lighthouse https://example.com, axe https://example.com) and references public WCAG/ARIA resources, indicating the skill expects to fetch and analyze arbitrary third‑party web pages whose content could influence audit actions.