visual-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and navigates to arbitrary target URLs (SKILL.md Step 2b and scripts/open-tab.mjs / scripts/navigate.mjs) and then inspects and evaluates page content (scripts/dom-assert.mjs, eval.mjs, inspect-dom.mjs, console-check.mjs) so untrusted public web pages or user-provided sites can be read and drive actions/assertions—introducing indirect prompt-injection risk.