tabz-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and reference docs (e.g., Tabs tools like open_url/list_tabs in SKILL.md and references/network-debugging.md and references/form-automation.md which document get_dom_tree, get_element, execute_script, get_network_requests, etc.) show it opens and ingests arbitrary web pages and their DOM/network/console content—untrusted third-party content the agent reads and can act on—enabling indirect prompt-injection risk.