browser-workflow-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly directs the agent to "Navigate to [URL]" and use MCP tools like read_page/get_page_text during workflow execution and, in Phase 4, to "Search for reference examples using WebSearch" and "Visit 2-3 reference examples and compare," which requires fetching and interpreting arbitrary public web pages whose content can influence navigation, verification, and fix decisions.