browser-automation-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill programmatically navigates to and scrapes arbitrary external URLs (e.g., the TARGET_URL used in /tmp/playwright-test-*.js scripts, the broken-links checker that iterates a[href^="http"] and calls page.request.head(href), and helpers like extractTableData), so it ingests untrusted, user-provided web content that could contain indirect prompt-injection instructions.