browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows scraping and agentic browser flows that navigate to arbitrary external sites (e.g., page.goto(url), the scrapeProduct(page, url) example, parallel scraping over a urls list, and a Playwright/Puppeteer example visiting "https://target-site.com") and then reads page content/response.json() to extract data—clearly ingesting untrusted public web content as part of the agent's workflow.