moai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's E2E workflow (workflows/e2e.md) accepts arbitrary --url values and explicitly instructs Agent Browser / Playwright / Claude-in-Chrome to navigate, read_page/get_page_text and autonomously explore web pages (mcp__claude-in-chrome__read_page, agent-browser navigation), which means the agent will fetch and interpret untrusted third‑party web content as part of its runtime actions.