visual-issue-clarification

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads DOM text and computed styles from live browser tabs (the required STD_TAB and DEV_TAB) via the chrome-cdp eval.mjs/annotate.mjs workflow, so it ingests arbitrary public/untrusted webpages open in those tabs which can influence element selection and measurement decisions.