automating-chrome

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly executes JavaScript in page context (chrome.execute and tunneling patterns described in references/chrome-advanced.md and chrome-form-automation.md) to read DOM data (document.title, querySelector results, localStorage/clipboard) from arbitrary web pages, which are untrusted third‑party sources that could carry indirect prompt injections.