paw-cra-creative-director

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's tool-discovery and agent-browser workflow (references/tool-discovery.md) explicitly instructs the agent to open arbitrary URLs, connect to a user's Chrome session, and scrape social media and competitor websites (e.g., "agent-browser open ", snapshots of Instagram/LinkedIn/TikTok), meaning the agent will ingest untrusted, user-generated third‑party content and act on it as part of research and routing workflows.