browser-auto-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's main script (scripts/auto_download.py) and documentation (SKILL.md/README.md/QUICKSTART.md) explicitly load arbitrary public URLs (via the --url parameter and built-in site shortcuts), inspect page.content / page.inner_text and link/button text (page.locator(...) and find_all_download_links), and then decide navigation/clicks and downloads based on that untrusted webpage content, so third‑party pages can influence tool actions.