visual-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs the agent to "Navigate: Go to page under test" and to call content_get-as-html, a11y_take-aria-snapshot, and content_take-screenshot to inspect page DOM/ARIA, which means it ingests and acts on arbitrary third-party web pages (potentially untrusted user-generated content) that can influence subsequent clicks and interactions.