skillify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly drives a browser to arbitrary public targets (Step 4's $B goto "<TARGET_URL>" and $B html fixture capture, and the generated script's main() using browse.goto(TARGET_URL)), then parses that untrusted HTML into parser code/tests and may commit the resulting skill, so live third‑party page content is read and can materially influence subsequent tool behavior.