web-browser-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs using the /browse headless browser to navigate the target URL provided in Step 1 and Step 2 (e.g., arbitrary http(s) sites or app URLs), so it will fetch and interpret third‑party web content as part of its audit and subsequent fix actions, allowing external page content to materially influence decisions.