dev-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates and scrapes arbitrary public websites and APIs (e.g., page.goto and page.evaluate(fetch) in SKILL.md and src/client.ts) and the references/scraping.md guide shows intercepting/replaying network requests for user-generated content like "followers, posts, search results" (e.g., capturing responses including "UserTweets"), which the agent is expected to read and act on as part of its workflow, enabling indirect prompt injection from untrusted third-party content.