testing-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts and workflow (SKILL.md plus scripts/verify.py, scripts/interact.py, scripts/snapshot.py, and scripts/screenshot.py) explicitly navigate to arbitrary URLs and ingest page content (accessibility trees, console logs, page text and network responses) which the agent reads and uses to make assertions and drive verify/next actions, exposing it to untrusted third‑party content that could contain indirect prompt injection.