dev-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The dev-browser skill explicitly navigates and scrapes arbitrary public websites and APIs (see SKILL.md examples using page.goto and the client.getAISnapshot API) and the references/scraping.md shows capturing and replaying responses from public endpoints (e.g., "UserTweets" /api captures), meaning the agent will ingest untrusted, user-generated third‑party content and parse/interpret it as part of its workflow.