browser-trace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly captures and ingests arbitrary web content (e.g., snapshot-loop.mjs uses browse --ws <target> get html body to write dom/.html and start-capture.mjs + bisect-cdp.mjs produce cdp/raw.ndjson and per-page cdp/pages/* buckets containing network requests/responses and DOM/console data from any visited public URL such as the examples (news.ycombinator.com)), and the SKILL/EXAMPLES docs show the agent reading those artifacts to find errors and drive next debugging actions, so untrusted third-party content can materially influence agent behavior.