sdlc-qa-browse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill runs a headless browser that navigates arbitrary URLs and reads/executes page content (see SKILL.md commands like "goto ", "text", "html", "snapshot", and read/inspection commands), which clearly fetches untrusted public web/user-generated content that the agent consumes and can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup step runs a runtime installer pipeline (curl -fsSL https://bun.sh/install | bash) which fetches and executes a remote script to install Bun and is a required dependency for first-run, so it is a high-confidence runtime external code execution risk (https://bun.sh/install).