browser-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's browser automation explicitly navigates to and scrapes arbitrary public websites and user-provided URLs (e.g., example.com/products, site-a.com/site-b, LinkedIn, and docs.google.com in the examples) using tools like navigate, read_page, and data-extraction templates, so the agent will read and interpret untrusted third-party content.