web-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and interacts with arbitrary public web pages (nav.js), executes and reads page JavaScript (scripts/eval.js, scripts/cdp.js, scripts/pick.js), injects dismissal logic into third‑party pages (scripts/dismiss-cookies.js), and logs network/page content (scripts/watch.js, scripts/net-summary.js), so it ingests untrusted user-generated/open-web content that can materially influence agent actions.