claude-chrome

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill controls a real Chrome browser and explicitly navigates arbitrary public URLs and reads/extracts page content/DOM (see "Browser Capabilities: Read page content and DOM" and examples like "competitor scan", "Go to the product listings page", and "research LinkedIn profiles"), so it ingests untrusted third‑party/user‑generated web content into the agent's workflow.