app-qa-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly requires a "URL/webapp mode" that will "open this URL and test the webapp" and "use browser automation and live inspection" to "map routes, inspect navigation, DOM states, storage, and network behavior," which means the agent will fetch and interpret arbitrary live web content (untrusted third-party pages) that can influence subsequent actions.