diff-profile-archives

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill downloads user-specified Kernel profile archives (Step 2) and then parses/grep's cookies, Local Storage, Session Storage, IndexedDB and other per-origin data (e.g., LevelDB/strings scans shown throughout the workflow), so the agent ingests and acts on arbitrary third-party/site-provided content from those profiles which could carry indirect prompt injection.