dev-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (SKILL.md and references/scraping.md) explicitly instructs the agent to navigate to arbitrary public URLs (page.goto), intercept responses (page.on("response")), capture and parse JSON from public/social APIs (e.g., "UserTweets", /api/data) and replay requests in the browser context, so untrusted, user-generated web content is fetched and read to drive subsequent automation steps.