observe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries the append-only observation log (e.g., entries with source "extension" and "webkit") which contain captures from arbitrary crawled URLs — including console logs, network requests, DOM/page data — that the agent is expected to read and use to create findings or drive actions, exposing it to untrusted third-party content.