mobile-debugging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes Playwright/Puppeteer and cloud-testing examples that call page.goto(url) and capture console logs/errors from arbitrary websites, and provides Eruda/vConsole bookmarklets that inject debugging scripts (e.g., from https://cdn.jsdelivr.net/npm/eruda and https://unpkg.com) into public pages—meaning the agent will ingest and interpret untrusted, user-controlled web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs injecting remote JavaScript at runtime (bookmarklets and tags) from URLs such as https://cdn.jsdelivr.net/npm/eruda and https://unpkg.com/vconsole@latest/dist/vconsole.min.js which are fetched and executed in-page, meaning those external URLs run remote code during skill runtime and are relied on to provide the debugging functionality.