openai-develop-web-game

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The Playwright client (scripts/web_game_playwright_client.js) navigates to an arbitrary --url (page.goto(args.url)), captures screenshots, console logs, and calls window.render_game_to_text on the loaded page, so it directly fetches and ingests content from potentially untrusted/public web pages that the agent must read and interpret.