web-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill directly browses and ingests arbitrary public web pages (see SKILL.md and nav.js for navigating arbitrary URLs) and executes/interprets page content and frames (cdp.js evaluate/evaluateInFrame, eval.js, dismiss-cookies.js, pick.js, and watch.js/logging), so untrusted third‑party pages and user-generated content can materially influence clicks, evaluations, and subsequent agent actions.