lynx-devtool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI explicitly supports opening arbitrary HTTP(S) URLs and reloading pages with external URLs (examples/open.md and references/cdp/page/Page.reload.md) and fetching page resources and script sources (references/cdp/page/Page.getResourceContent.md, references/cdp/debugger/Debugger.getScriptSource.md, examples/get-sources.md), so the agent will ingest and inspect untrusted third‑party web/user-generated content that could influence subsequent actions.