skillify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly visits arbitrary TARGET_URLs and captures page HTML via "$B goto" and "$B html" (Step 4: "Capture the fixture") and then parses that untrusted public webpage content in parseFromHtml / script synthesis (Step 3), so external, user-generated or public web content can influence the generated script/tests and thus agent decisions and tool use.