web-screenshot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI (SKILL.md examples and screenshot.js) takes an arbitrary URL and launches headless Chrome to load and render that webpage for screenshots (see screenshot.js invocation and SKILL.md usage), which clearly fetches untrusted third-party content that the agent processes at runtime and could contain instructions affecting behavior.