vector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The required runtime workflow (RECON → PLAN → EXECUTE → COLLECT → REPORT) involves navigating to user-supplied/target URLs and scraping/extracting readable page content via Playwright MCP/CDP (e.g., playwright_navigate + playwright_snapshot/page.evaluate/HAR export), which can include outsider-authored free text from public web pages into the agent’s LLM context.