browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow and templates (SKILL.md core workflow, commands.md, and templates/capture-workflow.sh / form-automation.sh) explicitly instruct the agent to open arbitrary URLs and run snapshot/get-text/eval commands on web pages, so it fetches and interprets untrusted public third-party content (web pages) that can directly influence subsequent clicks, fills, evals, and other actions.