macos-safari

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly opens arbitrary URLs and reads/interprets page HTML and visible text (SKILL.md "Get page source (HTML)" and "Get visible text via JavaScript") and provides runtime scripts that execute and return page JavaScript/results (scripts/url/open.applescript, scripts/tab/source.applescript, scripts/javascript/run.applescript), which exposes the agent to untrusted public web content that could contain instructions influencing subsequent actions.