amw-memory-operator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill performs replayed browser automation that opens and scrapes public websites (see "open" and navigation/extraction actions in SKILL.md and the assets/json-demos files such as assets/json-demos/captcha-human-verify-template.json and assets/json-demos/qr-human-verify-template.json), and it uses page snapshots/eval_js and snapshot_contains_any triggers to decide branches and subsequent actions, so untrusted third-party page content can materially influence behavior.