webmcp-gen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The required runtime workflow uses validate.mjs → page.goto(manifest.url) and then page.invokeWebMCPTool(...), where the tool’s implementation.source runs in the target page and can return page-derived text (e.g., document.title, location.href, DOM text) into the Node process and thus into the agent’s LLM context via eval.json/eval-report.md outputs.