web-prototype

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public web pages as part of its workflow (Phase 1: Chrome automation calls like mcp__Claude_in_Chrome__navigate and mcp__Claude_in_Chrome__read_page, plus a WebFetch fallback and the in-page JS extraction scripts in references/extraction-scripts.md), and the extracted/untrusted page content is used to drive code generation, design-token mapping, and tool actions—so third‑party content can materially influence agent behavior.