chrome-replay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly loads and interacts with arbitrary web pages from recordings (see SKILL.md: "Navigate first — execute navigate steps directly" and the JSON example with "url": "https://example.com"), taking snapshots and interpreting page content to find elements and decide actions, which exposes it to untrusted third-party web content that could inject instructions.