chrome-cdp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly connects to the user's live Chrome session and reads or executes content from arbitrary open tabs (user pages) — e.g., SKILL.md and scripts/cdp.ts expose commands like snap, eval, html, and nav that extract page HTML, run Runtime.evaluate in the page, and navigate to arbitrary URLs, which are untrusted third‑party web content and can materially influence agent actions.