qa-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly accepts arbitrary target URLs in the Intake step and its required workflow (SKILL.md / WORKFLOW.md / TOOL-MATRIX.md) runs chrome-devtools-axi open and agent-browser open , captures network responses and page content (response bodies, console output, screenshots, HARs) and uses those contents for assertions and decision-making (e.g., waits, stale-ref recovery, selecting tools), which exposes the agent to untrusted third-party web content that could carry indirect prompt-injection instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime preflight (scripts/preflight.sh) will run npm install -g chrome-devtools-axi and npm install -g agent-browser — pulling and installing code from the npm registry (e.g. https://registry.npmjs.org) at runtime, which executes remote code the skill depends on, so this is a high-risk external dependency.