browser-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary URLs (scripts/navigate.js / SKILL.md), evaluates and executes JavaScript in page context (scripts/evaluate.js), and inspects/interacts with page DOM (scripts/element.js) — all of which ingest and act on untrusted public web content (pages, user-generated sites) as part of its required workflow, enabling indirect prompt injection.