notion-clipper-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly navigates to and renders arbitrary user-provided URLs via Chrome CDP (see scripts/main.ts captureUrl -> launchChrome / navigateAndWait and evaluateScript using cleanupAndExtractScript in scripts/html-to-markdown.ts) and then extracts and converts the page HTML to Markdown/Notion blocks, so it ingests untrusted public web content (e.g., blogs, social media, forums) which the agent reads and processes.