browser-validator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary test URLs (see "What Are the Test URLs?" and requirements that URL be accessible) using MCP commands like mcp__chrome-devtools__navigate_page and ingests page DOM snapshots, screenshots, console messages and network requests (mcp__chrome-devtools__take_snapshot, take_screenshot, list_console_messages, list_network_requests), which means it consumes untrusted/public third‑party content and will read/interpret that content as part of its workflow.