browser-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly uses Chrome DevTools to capture console messages and network request/response data from arbitrary webpages (see Step 2 mcp__plugin_product-design_chrome-devtools__list_console_messages and Step 3 mcp__plugin_product-design_chrome-devtools__get_network_request producing network-detail.json) and then instructs the AI agent to "Parse captured logs" and act on findings (Step 5 / Pattern 4 "Allow AI agent to interact with page"), so untrusted third‑party content can be ingested and influence agent decisions.