dev-browser
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly automates browsing and scraping of arbitrary public websites (see the SKILL.md scripts that use page.goto and the ARIA snapshot APIs). The references/scraping.md guide shows capturing page responses (page.on("response")) and replaying API requests via page.evaluate(fetch) against public endpoints (e.g., social media /api/ or UserTweets). As a result, untrusted, user-generated third-party content is fetched, parsed, and used to drive subsequent tool actions.