actionbook-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and scrapes arbitrary public URLs (e.g., agent-browser open "https://example.com/page", agent-browser get text ".selector" and Playwright --standalone flows) and ingests the extracted page text as part of its required verification and data preview, so it consumes untrusted, user-provided third‑party web content that could carry indirect prompt injection.