chrome-gif-recorder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly directs the agent to navigate to and interact with arbitrary web pages (e.g., steps under "Execute Workflow Steps" and examples like "navigate to page", "navigate to URLs" and the update_plan domains), capture screenshots, and perform clicks/form inputs on those public sites, so untrusted third-party page content is fetched and used to drive actions and could inject indirect instructions.