dev-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and docs (SKILL.md and references/scraping.md) explicitly direct the agent to navigate to arbitrary public URLs (e.g., page.goto), intercept page requests/responses (page.on("response")) and replay/fetch API responses in the browser context (page.evaluate(fetch)) to scrape user posts/APIs like "UserTweets", meaning the agent will ingest and act on untrusted, user-generated third-party web content.