material-3

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md audit procedure and "Audit Methods" explicitly require navigating to and reading user-provided live URLs (using mcp__claude-in-chrome__navigate, mcp__claude-in-chrome__read_page, and related tools) so the agent ingests untrusted public web content and uses it to drive analysis and follow-up actions, enabling indirect prompt-injection risk.