chrome-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill provisions a Playwright/CDP-driven Chrome instance and explicitly instructs verifying and using browser_navigate/browser_snapshot/browser_tabs and logging into sites (see INSTALL.md "test Playwright MCP tools" and SKILL.md's "User can log into sites" / "Cloudflare challenges"), so the agent is expected to fetch and interpret arbitrary public web content that could contain untrusted instructions.