web-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly launches browsers against arbitrary login URLs (e.g., "session auth ... --url " and provider pages like github/x/reddit) and performs post-auth headless verification that reads page DOM/selectors and URLs (headlessVerification), so the agent ingests untrusted third-party web content as part of its workflow and that content can affect success detection and subsequent actions.