devops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references/browser-rendering.md includes runtime code that visits and scrapes public webpages (e.g., page.goto('https://news.ycombinator.com') and page.goto(url) where url is taken from request/query or queue messages) and passes page.content() into an AI extractor and queues new links, meaning untrusted, user-generated third‑party content is ingested and can drive subsequent tool actions like AI extraction and queuing.