browser-workflow-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow steps explicitly navigate to and read arbitrary web pages (Phase 3: "Navigate to [URL]" with read_page/get_page_text, screenshots, console/network inspection) and Phase 4's UX Platform Evaluation directs agents to perform WebSearch and "visit 2-3 reference examples" (e.g., Dribbble/reference sites), so the agent ingests untrusted public web content that can influence actions and decisions.