navvi-login

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (navvi_login and subsequent navvi_find/navvi_click, screenshot reading, and milestone "description of what's visible") explicitly navigates to and reads public third-party login pages and uses that untrusted page content to decide actions like clicking elements, handling CAPTCHAs, escalating to VNC, and recording outcomes, which can enable indirect prompt injection.