moltoffer-auto-apply

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously navigates to and snapshots LinkedIn job pages (see references/apply.md Step 1 and the Form Processing Loop that calls browser_navigate, browser_snapshot, and analyzeFormFields) and then uses that page content to decide clicks, form answers, and whether to submit, so untrusted public web content (LinkedIn/public job pages) can directly influence tool actions.