kernel-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs browser automation against arbitrary public websites and ingests their content (e.g., references/browser-management.md shows kernel browsers playwright execute '<await page.goto("https://example.com")>' and references/browser-pools.md shows a high-volume scraping loop that returns page.content(), plus references/app-deployment.md allows invoking actions with a payload containing a target "url"), so untrusted third‑party pages can be fetched and materially influence tool actions.