qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Playwright-based workflow can navigate to and interact with an external URL when the user provides one (SKILL.md: "does not test in production (localhost only, unless user explicitly provides a URL)"), and the agent reads page content (page.title(), textContent, element clicks) to drive tests, so untrusted public web pages could materially influence its actions.