buse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly drives a browser to navigate and interact with arbitrary public websites (e.g., SKILL.md examples "navigate websites", "Search for OpenAI documentation", "Check the stock status of an item on ExampleStore.com" and headless/data-extraction scenarios), meaning the agent will fetch and interpret untrusted third‑party web content that can influence subsequent actions.