visual-verdict

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and loads live reference URLs (e.g., "Reference URL B: https://staging.app.com/dashboard" under "Loading the Reference" / "Live URL comparison") and integrates with a "clone-website" flow that screenshots external sites, meaning the agent will fetch and interpret arbitrary third-party web pages/screenshots as part of scoring and decision-making.