opencli-autofix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly directs the agent to load and inspect live external webpages and network responses (e.g., Step 1's diagnostic.json containing "page.snapshot" and "networkRequests" and Step 3 "opencli browser open https://example.com/target-page && opencli browser state"), so untrusted third‑party site content is read and used to drive code-patching decisions.