chai-studio-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs website exploration via Chrome DevTools MCP and extracts/normalizes content from arbitrary public URLs (see SKILL.md and references/website-exploration.md / README examples like "explore https://example.com"), so it ingests untrusted third‑party site content which the agent must interpret and use to drive artifact creation and MCP tool calls.