devops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references (references/browser-rendering.md and related worker examples) include headless-browser scraper and crawler code that navigate arbitrary public URLs (e.g., page.goto(message.body.url, news.ycombinator.com)), call page.content(), and pass that untrusted webpage content into an AI extractor (Ai.run), meaning the agent would fetch and interpret open/public third‑party pages whose content could influence subsequent AI actions.