chrome-browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and examples (see sections 4.3 "Data Extraction" and 4.6 "Multi-Site Workflows") explicitly navigate to arbitrary public URLs (e.g., https://example.com/products, LinkedIn), call get_page_text/read_page to ingest page content, and then parse and act on that data (save CSV, update calendar/docs), so untrusted third-party/user-generated web content is read and can materially influence subsequent tool actions.