browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly drives a real Chrome instance to arbitrary public URLs (scripts/nav.js / start.js) and then evaluates page JavaScript and extracts DOM content (scripts/eval.js and scripts/pick.js) as part of the SKILL.md workflow, so untrusted third‑party page content can be read and influence subsequent agent actions.