browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and helper docs explicitly instruct the agent to navigate arbitrary TARGET_URLs (page.goto), fetch and inspect live pages (helpers.getPageStructure, getPageStructureWithRefs, page.evaluate, annotatedScreenshot, page.request.head for link checks) and even connect to the user's running Chrome, so the agent will ingest untrusted, public web content and use that content to determine selectors and perform actions.