testing-e2e

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's OrchestKit analysis flow and tests (e.g., HomePage.submitUrl in tests/e2e/pages/HomePage.ts and the analysis-flow.spec.ts examples) explicitly submit arbitrary external URLs that the backend fetches and analyzes (SSE events like "Failed to fetch content" and generated artifacts), so untrusted third‑party web content is ingested and can materially influence agent/test behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes a runtime MCP/agent setup that runs npx with the @playwright/mcp package (see .mcp.json "args": ["-y", "@playwright/mcp@latest"]), which will fetch and execute remote code from the npm registry (e.g. https://registry.npmjs.org/@playwright/mcp) and is required for the AI agent workflow, so it is a runtime external dependency that can execute code and influence agent behavior.