flow-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md "Evidence URLs" / step 4) tells the agent to use URLs found in snapshots/{latest}-{flow-name}/results.json as inline evidence and to read screenshots/video for visual analysis, which means the agent will fetch and interpret untrusted third-party URLs referenced in results.json and let that content influence classification and suggested actions.