surf-codebase

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's content scripts and CDP operations (e.g., the READ_PAGE/GENERATE_ACCESSIBILITY_TREE handler in src/content/accessibility-tree.ts, getResponseBody/getNetworkRequests in src/cdp/controller.ts, and Network.* event capture) ingest and expose arbitrary web page and network content from public/third-party URLs for the agent to read and act on, which can include untrusted user-generated content.