os-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Browser Automation" section (implemented via Chrome DevTools MCP) explicitly supports page navigation, webpage/element screenshots, and form filling/clicking, which lets the agent fetch and interact with arbitrary public web pages whose untrusted content could influence subsequent automated actions.