browserstack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs using BrowserStack API actions (e.g., "Get Session Network Logs" (HAR), "Get Session Appium Logs") and the generic "membrane request CONNECTION_ID /path/to/endpoint" proxy, which fetches user-uploaded/session data from the third-party BrowserStack service that can contain arbitrary/third-party web content or user-generated uploads that the agent is expected to read and act on.