ux-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory walkthrough phases require navigating and interacting with a live/deployed URL (SKILL.md Phase 1 & Phase 3: "Prefer the deployed/live version", "Navigate, screenshot, read pages") using Chrome MCP or Playwright, and the a11y step explicitly injects axe-core from a CDN (references/a11y-automation.md), so the agent fetches and interprets arbitrary public site content (and third-party CDN scripts) as part of its decision-making and verdict generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill injects and executes remote JavaScript at runtime via the CDN URL https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.0/axe.min.js (axe-core is injected "if not present" and then run), which is a required, runtime dependency that fetches and executes external code in the audited page context.