chrome-history

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill reads and parses the user's local Chrome history and synced LevelDB data (e.g., ~/Library/Application Support/Google/Chrome/Default/History and the Sync Data/LevelDB copy) to extract titles, URLs and surrounding text from arbitrary visited web pages (including reddit/medium/twitter/etc.), so it ingests untrusted third‑party content and surfaces it to the agent.