doc-image-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 3 "Capture Browser Screenshots" and Step 2.5 "Understand the Target Website") plus the browser-automation and Playwright MCP references explicitly instruct the agent to navigate to arbitrary target URLs, inspect page snapshots, and act on page content (including filling forms and clicking), meaning it fetches and interprets untrusted public web content that can influence navigation and tool actions.