web-perf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and traces arbitrary target URLs via calls like navigate_page(url: "") and then analyzes network requests and DOM (list_network_requests, get_network_request, take_snapshot), so it fetches and interprets untrusted public web content that could carry indirect prompt injection.