debug-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's frontend lane (references/frontend-playwright-agent-wallet.md and SKILL.md) explicitly instructs the agent to browse target environments (stable hosted sites, previews, staging/prod URLs) with Playwright/Chrome, capture DOM/console/network state, and even drive wallet connect/approve flows—meaning it will fetch and interpret arbitrary third-party webpages and their user-generated content as part of its decision/action workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets Web3 / wallet debugging and references agent-wallet, wallet approval and signature popups, onchain dApp connect flows, signing/approval queue, chain switching, and account state inside dApps. These are specific crypto/wallet interactions (including signing) rather than generic browser tooling, so the skill includes explicit crypto wallet capabilities that can be used to execute or authorize on-chain transactions.