verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md instructs the agent to open arbitrary pages via new_session (step 3) and to read/interpret the page DOM with inspect_page (step 4), which clearly ingests third-party web content that can influence subsequent acts and decisions.