browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's nav.js accepts arbitrary URLs and the eval.js/pick.js scripts read and return DOM/content from those pages via a local Chrome session (e.g., scripts/nav.js , scripts/eval.js, scripts/pick.js), so the agent will ingest untrusted public web content that could carry indirect prompt injections.