local-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill explicitly tells the agent to fetch and scrape live node/webapp pages (e.g., curl of the local dashboard and navigating contract web UIs at http://{IP}:7510/v1/contract/web/{CONTRACT_ID}/ and Playwright steps "browser_navigate → open the contract URL"), which are user-provided/untrusted contract webapps and peer pages that the agent must read/interpret and can drive subsequent interactions, so untrusted third‑party content could inject instructions.