form-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required inputs include "Current form (URL, screenshot, or fields)" and the Workflow Step 1 audit ("For each form on the site...") requires the agent to read and evaluate form pages by URL, meaning it will fetch/interpret content from arbitrary public websites which can materially influence its recommendations.