ah-fix-ui-bug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to navigate to arbitrary Page URLs (e.g., via chrome-devtools navigate_page), take snapshots of the page DOM, inject and evaluate diagnostic scripts (chrome-devtools evaluate_script) and read results—therefore it fetches and interprets untrusted third-party web content provided by arbitrary URLs as part of its required workflow.