chrome-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill opens arbitrary URLs (scripts/chromectl.py open) and then evaluates page JavaScript and streams console output (eval and console-tail commands), meaning the agent will ingest and interpret untrusted, user-controlled web content from public sites.