browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly directs agents to open and scrape arbitrary public web pages (e.g., SKILL.md shows new_tab("https://...") and the helpers/js(fetch)/http_get patterns) and includes domain-skills that fetch and parse untrusted, user-generated or public content from sites like agentlist.com, zhipin.com, archive.org, amazon.com, etc., which the agent is expected to read and use to drive navigation and actions (e.g., extracting bossId, job lists, or API results) — meeting the conditions for indirect prompt-injection risk.