dogfood

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). In scripts/dogfood.sh the explore subcommand composes a web-app exploratory workflow that reads references/exploratory-issue-taxonomy.md (bundled) and then uses agent-browser to open a runtime-supplied --url/detected site; the resulting page content, errors, and console text from that outsider web content can be ingested into the agent’s LLM context via the browser session.