clawdcursor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to navigate and read arbitrary public webpages (see SKILL.md "Read a webpage" and the "CDP Direct Reference" / Playwright examples that read page.innerText and navigate to arbitrary URLs) and feeds those page DOM/screenshot contents into LLM-driven planning layers (Smart Interaction / Computer Use), so untrusted third‑party content can materially influence tool decisions and subsequent actions.