browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly fetches and ingests public web content — e.g., the scrape_all/scrape_all_parallel helpers and SecureBrowserAutomation.navigate() call page.goto(url) and return page.content()/text_content(), meaning the agent will read arbitrary third-party webpages as part of its workflow (untrusted user-generated/open-web content).