hosted-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's Client Implementations explicitly describe a Chrome extension that extracts DOM and React internals from arbitrary web pages (sidebar chat with DOM extraction), which means the agent will ingest and act on untrusted third‑party webpage content as part of its workflow.