expect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly injects and loads third-party code from a public CDN (see references/rrweb-recording.md which adds https://cdn.jsdelivr.net/npm/rrweb...) and the agent also captures and interprets ARIA snapshots/DOM from tested pages as part of its execution workflow (references/execution.md and test-plan.md), meaning untrusted external page content or CDN-loaded scripts can materially influence agent actions.