chrome-devtools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly states AI Assistance and Console Insights ingest the inspected page's data (e.g., "Conversations you start from this panel automatically have context about technical details of the page you are inspecting" and "Chrome DevTools uses the console message, associated stack trace, related source code, and the associated network headers as input" in SKILL.md and references/ai.md / references/console.md), which means the agent reads and acts on arbitrary public webpage content that could contain untrusted user-generated instructions.