web-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's tools (notably tools/nav.js which navigates to arbitrary URLs, and tools/eval.js and tools/pick.js which execute JS and scrape page DOM/content) explicitly load and read content from open/public third-party websites, so untrusted user-generated pages can be ingested and materially influence subsequent tool actions.