kuroco-frontend-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's AI workflow calls the claude-in-chrome MCP javascript_tool to fetch live JSON from external Kuroco management pages (e.g., /direct/rcms_api/admin_api/?... such as whoami, temp_upload_url returning presigned_url/url, and deploy responses) and directly uses those responses to decide and execute follow-up actions (artifact upload and deploy), so untrusted third-party responses can influence tool use.