computer-use-playbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Browser Automation guidance explicitly instructs navigating to and reading arbitrary web pages (e.g., using navigate_to(tab_id, url), read_page, dom_snapshot, run_script) and includes workflows for public social sites like LinkedIn, X, Google Flow, and Xiaohongshu, so it ingests untrusted, user-generated third-party content that the agent is expected to interpret and that can influence subsequent automated actions.