kernel-python-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill clearly allows agents to fetch and scrape arbitrary public websites (e.g., server-side Playwright via kernel.browsers.playwright.execute and examples that call page.goto('https://example.com') and the create_playwright_tool returned to an LLM), so untrusted third-party content from the open web can be ingested and returned to the agent.