browser-devtools-mcp-vscode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly lets the AI drive a real browser to arbitrary public URLs (see the "navigate" tool and example prompts like "Navigate to example.com" and the "web_vitals" and "execute" workflows in SKILL.md), causing the agent to fetch and interpret untrusted third‑party page content that can influence subsequent tool use and decisions.