antithesis-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens a user-provided Antithesis debugging-session URL and injects assets/antithesis-debug.js to read notebook source, log rows, outputs, and to authorize/run action cells (see references/setup-session.md, references/notebook.md, and references/actions.md), so untrusted notebook/log/file content on that page can be read and can directly influence the agent's actions.