website-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary URLs (scripts/browser-nav.js) and then captures and evaluates page content (scripts/browser-eval.js, browser-dom.js, browser-console.js, browser-screenshot.js, browser-pick.js), so the agent will load and interpret untrusted public/webpage content supplied via those URLs.