peach-e2e-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to a live Chrome CDP and navigates/scrapes web pages (e.g., references/gmail-메일목록.js visits https://mail.google.com and extracts DOM, and connect.js/selector.js fetch the CDP /json to read tab URLs), so the agent ingests untrusted third-party page content which can directly influence tool choices and actions.