next

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's API route (app/api/browse/route.ts) and server actions call page.goto(url) on arbitrary provided URLs, fetching and returning content (titles, screenshots, accessibility snapshots) from untrusted public web pages, which could supply instructions that influence downstream agent behavior.