web-operate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and scripts/operate.py show it runs in "browser mode" and that operate() builds a WebIntent using the url from input_data and calls WebIntelligenceRouter.execute, meaning it fetches and interacts with arbitrary third‑party web pages provided at runtime and will read/act on that untrusted content.