data-base

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and scrape arbitrary public websites (e.g., chrome_navigate in chrome-devtools MCP, requests.get in the Python templates, and Playwright page.goto in references) and the Workflow asks "Which sites?", meaning the agent will ingest untrusted third‑party web content as part of its operation.