BrowserBridge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md shows the bridge/extension executes arbitrary JavaScript in the user's active webpage and returns page data (e.g., document.documentElement.outerHTML, element innerHTML, console logs, and errors) from arbitrary public sites via the /api/browser/execute and /api/browser/inspect endpoints, so the agent will ingest untrusted third‑party page content and act on it as part of its workflow.