puppeteer-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly guides browsing and scraping arbitrary public websites (e.g., page.goto(url), scrapeWithRetry(url), page.$eval(... ) and page.on('response' => response.json())), so the agent is expected to fetch and interpret untrusted third‑party web content that could contain indirect prompt injections.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt explicitly recommends launching Chrome/Chromium with '--no-sandbox' and '--disable-setuid-sandbox', which intentionally disables browser sandboxing (a security bypass), even though it doesn't ask for sudo, edit system files, or create users.