build-kernel-ts-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly drives browsers to arbitrary external URLs and ingests their content as part of its workflow (see SKILL.md's browser-control guidance and the referenced examples such as references/examples/deploy-and-invoke-app.md which does page.goto(payload.url) and reads page content, and references/guides/managed-auth.md which launches browsers to third‑party SaaS pages), so it clearly consumes untrusted public web content that can influence subsequent actions.