browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to snapshot and extract page text and to scroll/read dynamic content including social media and SPAs (see "Reading Pages" and "Dynamic Content (SPAs, social media)"), which means it fetches and interprets untrusted public web/user-generated content that can influence subsequent actions.