cloud

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's docs (e.g., references/api-v2.md, references/guides/tools-integration.md and references/guides/subagent.md) explicitly instruct the agent to navigate to arbitrary public URLs (startUrl, page.goto examples), read page state and extract content (browser-use CLI state, Playwright/Puppeteer examples, tasks like "Find the top HN post" and Amazon/social media automation), meaning untrusted third‑party web content is ingested and can directly drive subsequent agent actions.