browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and scrapes arbitrary URLs and public sites (e.g., SKILL.md and client.py support create/goto with arbitrary "https://..." URLs), captures and inspects network responses via page.on("response") and page.evaluate(fetch) (refs/scraping.md), and returns AI-readable page snapshots/text (get_ai_snapshot, snapshot, text), so it ingests untrusted third‑party/user‑generated web content as part of its workflow.