extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and references/extraction-steps.md, Step 1 and Step 2) explicitly opens arbitrary target URLs with agent-browser and reads the page DOM/stylesheets (getComputedStyle(), CSS @keyframes, screenshots) from public websites and then uses that extracted content to drive analysis and generate outputs, which means untrusted third‑party page content can materially influence the agent's decisions.