navvi-browse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and reads arbitrary web pages via navvi_open/navvi_browse and the stepwise "Screenshot — Read it" workflow, and its Milestones require recording the FULL text of public user-generated posts (e.g., forum/subreddit content), so untrusted third-party content is ingested and can influence actions like flow creation.