play-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md and the provided scripts (e.g., scripts/nav.js, scripts/eval.js, scripts/pick.js, scripts/watch.js, and scripts/dismiss-cookies.js) explicitly navigate to arbitrary URLs and execute page.evaluate/read page content and network/console logs, meaning the agent ingests untrusted public web content which can materially influence its subsequent actions.