mobile-browser-workflow-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill autonomously navigates to workflow URLs (Phase 3: browser_navigate({ url: workflow.url })) and runs browser_snapshot/browser_evaluate and iOSHIGAudit routines (Phase 4) against those live pages—which are arbitrary public sites specified in the workflows—then uses those DOM/content analyses to drive findings and automated fixes, so it clearly ingests and acts on untrusted third‑party web content.