dev-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to navigate arbitrary URLs (e.g., page.goto examples), use getAISnapshot/selectSnapshotRef to read page content, and scrape/interact with third‑party websites (see "Scraping Data" and "Writing Scripts"), so it will fetch and interpret untrusted public web content that can change subsequent actions.