awt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scans and interacts with arbitrary URLs (e.g., aat scan --url <URL>, aat devqa "..." --url ...) and requires the agent to read and use the resulting .aat/scan_result.json / OCR/DOM data to generate and execute test scenarios, meaning untrusted public web content can directly influence tool actions and decisions.