dogfood

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires navigating to a user-provided target URL and uses browser tools (browser_navigate, browser_snapshot, browser_vision, etc.) to read and act on live web page content, so arbitrary public websites can be ingested and influence the agent's actions.