autonomous-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory E2E verification flow (SKILL.md and references/e2e-verification.md) directs the agent to extract a "preview URL" from PR comments and navigate that arbitrary URL via Chrome DevTools MCP, inspect and interpret page content (take screenshots, verify visible outcomes) and use those results to mark acceptance criteria and decide PASS/FAIL, which clearly consumes untrusted third‑party web content that can influence actions.