gologin-web-access-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public web content (e.g., via commands like read_page, scrape_markdown, scrape_json, batch_scrape, crawl_site and browser_open) as documented throughout SKILL.md and tools.md, so untrusted third‑party pages can be read and drive subsequent actions (scrape → decide → browser_open/click), enabling indirect prompt-injection risk.