extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and scrapes arbitrary public web pages (e.g., "actionbook browser open """, "Identify from the user request: URL — the page to extract from", and the Execution Chain/Step 3 detection using page content) and uses that untrusted third‑party content to determine selectors, extraction logic, and script actions, so external page content can directly influence tool behavior.