ux-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) instructs the agent to navigate to arbitrary app entry points and "read page content" and the browser-tool reference (references/browser-tools.md) exposes commands like mcp__claude-in-chrome__read_page and Playwright navigate/snapshot, so the agent will fetch and interpret content from live/public web apps (potentially user-generated/untrusted) and use that content to drive clicks, form fills, and navigation decisions.