hexagone-web-feature-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs Playwright to navigate to a (user-provided) LOGIN_URL and then uses page.evaluate() to read DOM text (menu items, tabs, page content) and drive mouse clicks and metadata extraction that feed into features.json and the generated Markdown, so arbitrary third‑party web pages could inject content that materially influences navigation and tool actions.