kernel-browser-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill allows running Playwright automation that navigates to arbitrary web URLs (see "kernel browsers playwright execute" and the example page.goto("https://example.com")), exposes live view URLs and screenshots of remote pages, and can load browser profiles/cookies, so it clearly ingests and displays untrusted third‑party web content.