web-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill remotely controls Chrome and explicitly navigates to arbitrary URLs (tools/nav.js) and executes/evaluates page JavaScript and extracts element text/HTML (tools/eval.js and tools/pick.js), so it ingests untrusted public web content that the agent is expected to read and interpret.