peach-e2e-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to Chrome CDP and fetches/inspects open tab URLs (references/selector.js and references/connect.js use CDP /json and Playwright to enumerate and attach to arbitrary tabs) and runs scenarios that navigate to and evaluate third‑party pages (e.g., references/gmail-메일목록.js visits mail.google.com and uses page.evaluate to scrape user-generated emails), so untrusted web content is read and can materially influence subsequent actions.