visual-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill autonomously opens and evaluates arbitrary public URLs (e.g., batch-scroll.sh, section-compare.sh, computed-diff.sh, transition-compare.sh) and the SKILL.md/verification.md explicitly requires the LLM to read ref+impl screenshots and extracted DOM/SVG from those third-party sites (Phase E LLM review and numerous agent-browser eval steps), so untrusted web content is ingested and can directly influence decisions and tool actions.