chrome-devtools-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md AI Workflow and Navigation sections show commands like new_page --url, navigate_page --url, take_snapshot, evaluate_script, and get_network_request which fetch and ingest arbitrary public web pages and responses (open third‑party content) that the agent is expected to read and act on, enabling indirect prompt injection.