browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill clearly navigates to arbitrary URLs (nav.js) and runs/evaluates page JavaScript and extracts DOM/text/href (eval.js and pick.js), meaning it ingests untrusted public web content into the agent's runtime workflow and could be exposed to indirect prompt injection.