web-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and scrapes arbitrary external URLs (e.g., examples/python/element_discovery.py, examples/python/screenshot_capture.py, examples/python/visual_compare.py, scripts/combined_debugger.py and many CLI helpers) and ingests DOM/console/network data which the automation reads and acts on (dismissing overlays, filling/selecting fields, taking actions), so untrusted third‑party web content can materially influence tool decisions and behavior.