browser-screenshot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses WebSearch/WebFetch and the agent-browser to fetch and navigate arbitrary public web pages (e.g., Reddit, X/Twitter, LinkedIn, HuggingFace, arbitrary URLs) and requires the agent to read/interpret DOM content and run JS (highlighting, get box, eval) to decide what to crop and what actions to take, so untrusted third-party content can materially influence behavior.