browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly navigates to arbitrary URLs and interacts with page content (scripts/nav.cjs opens user-specified URLs, scripts/eval.cjs evaluates JavaScript in the active page, and scripts/pick.cjs injects a DOM picker), so it ingests and interprets untrusted public web content that can materially influence subsequent agent actions.