automating-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/workflows.md show the Tabz tools (e.g., open_url, get_page_info, get_dom_tree, get_element, download_image/download_file) that fetch and inspect arbitrary public web pages, meaning the agent will ingest untrusted third-party content from the open web that can influence clicks, form fills, script execution, and other tool actions.