qa-only

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow instructs the agent to navigate to a user-supplied Target URL and then read page content (including any free-form text rendered by that site) via a headless browser, which can include outsider-authored text from arbitrary web pages.