browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/nav.js to navigate arbitrary URLs and scripts/eval.js and scripts/pick.js which execute JS and extract DOM/text from the loaded page) allow the agent to browse and ingest content from arbitrary public websites, meaning untrusted third‑party/user‑generated content can be read and interpreted at runtime.