openspec-e2e

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "all" mode explicitly fetches and parses external site content (e.g., "$B goto ${BASE_URL}/sitemap.xml" and homepage link extraction / crawling in Step 1 and Step 4) and then ingests those pages' DOM/snapshots to drive route discovery, selector selection, and test generation, so untrusted third-party pages could materially influence agent actions.