electron

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs attaching to Electron apps (e.g., Slack, Discord, Notion) via the CDP and using commands like playwright-cli snapshot, eval ("el => el.textContent"), and run-code (and querying http://localhost:9222/json) to read DOM/text from those apps, so the agent will ingest untrusted, user-generated third‑party content that can influence its subsequent actions.