selenium

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and workflows (e.g., SKILL.md and reference files like references/frames-windows.md and references/javascript-execution.md, plus example suites in assets/examples/*.robot) explicitly open arbitrary URLs (Open Browser ${URL}, Execute JavaScript window.open('${url}'), Open URLs In Tabs) and use Get Source/Get Text/Get Element Attribute/Wait Until Page Contains to read and act on public webpage content, so untrusted third‑party pages can influence subsequent tool actions.