page-collect
Warn
Audited by Snyk on Jul 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Yes—this skill navigates to a runtime-supplied external URL and uses Playwright to read outsider-authored webpage content (e.g.,
document.bodytext and DOM/inline SVG viapage.evaluateinscripts/page-collect.jscallingwindow.__pageCollect.extractfromscripts/page-collect-bundle.js), which becomes JSON strings that are then parsed and included in the agent’s context/output.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata