rabbit-inspect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged: SKILL.md's ARRIVE phase mandates capturing real screenshots from arbitrary target URLs via Glimpse (e.g., the "uv run ... glimpse matrix" / "glimpse capture" commands with "{target_url}") and explicitly requires the agent to read and act on those screenshots, which exposes it to untrusted public web content that can influence decisions and follow‑up actions.