utage-manual

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill asks the user for a course page URL and then uses Chrome integration to navigate and read the course page (read_page, read_network_requests to capture .m3u8 URLs on S3), transcribes audio and reads screenshots/transcript files as mandatory inputs for generating and reviewing manuals—i.e., it ingests untrusted third‑party webpage/video content that directly drives agent decisions and output.