browser-navigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runYamlScenario executes arbitrary scenario 'goto' steps (page.goto in src/lib.ts) and then reads and interprets page content (page.innerText, accessibility snapshots, frame locators, loop_approve logic) from external websites specified in scenario YAML, so untrusted third‑party pages can directly influence clicks and subsequent actions.