layout-inspecting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously navigates to arbitrary URLs (see scripts/inspect_layout.js where page.goto(opts.url) is called) and runs page.evaluate(buildLayoutTree) to extract DOM text snippets and layout data from those third-party pages, which an agent is expected to read and could use to drive further actions—so untrusted web content can indirectly inject instructions.