chrome-devtools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI scripts (e.g., navigate.js, aria-snapshot.js, snapshot.js, evaluate.js, console.js, network.js and others) accept arbitrary --url arguments and load/inspect live web pages (including executing page.evaluate and extracting DOM/ARIA/console/network data), meaning the agent will fetch and interpret untrusted public third‑party content from arbitrary websites.