vet-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill injects vet.js into arbitrary browser tabs (opened or provided via chrome-cdp) and writes window.VET_INFO (including element text, cssPath, className) to std-vet-info.json which the SKILL.md workflow explicitly requires the agent to read and use to choose selectors and build overlay-configs for further injections — i.e., it scrapes untrusted public web pages and uses that content to drive subsequent tool actions.