web-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill remotely controls Chrome to navigate arbitrary public web pages and ingest their content (see scripts/nav.js/start.js for opening URLs, scripts/eval.js and scripts/pick.js for evaluating page JS and extracting element/text, dismiss-cookies.js for interacting with page dialogs, and watch.js/net-summary.js for logging network/console responses), so it clearly fetches untrusted, user-generated third-party content and acts on it in ways that can change subsequent actions (clicks, evaluations, navigations), enabling indirect prompt injection.