qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow uses a headless browser to navigate to a user-supplied Target URL and then performs “Explore” steps (screenshots, console/network checks, form interactions), which will ingest page-rendered free text from that URL (outsider-authored web content) into the LLM context via the browser/Playwright MCP tool outputs.