benchmark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md Mode 1 ("Navigate to each target URL") explicitly instructs the agent to fetch and measure arbitrary target URLs (public web pages), so untrusted third-party page content is ingested and its extracted metrics are used to produce verdicts/decisions in the workflow.