chrome-cdp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly navigates to arbitrary http/https pages and extracts/executes page content (see SKILL.md commands "nav", "html", "eval" and the corresponding navStr/htmlStr/evalStr implementations in scripts/cdp.mjs), so it ingests untrusted public web content that can directly influence subsequent clicks, navigation, or commands.