cdp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly drives a real Chrome instance and navigates to arbitrary public URLs (e.g., SKILL.md and examples show session.Page.navigate({url: "..."}), session.Runtime.evaluate and Network.getResponseBody calls) so the agent will fetch and read untrusted third‑party web content (pages, responses, DOM) that can directly influence subsequent CDP actions.