navvi-signup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens arbitrary external signup pages (mcp__navvi__navvi_open(url="https://{service}/signup")), screenshots and inspects page DOM with navvi_find/navvi_screenshot, and uses that untrusted third‑party page content (form fields, CAPTCHAs, links) to decide actions, so external webpages can indirectly inject instructions into the workflow.