browser-auth-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime path “Open a recorded session via browser-record” and subsequent “Drive the auth flow”/“Run probes” (e.g., browser_get-url, browser_eval reading document.cookie, and inspecting captured trajectory) ingests page content/URLs and browser-extracted text from the target site (an outsider-authored web source) into the agent’s LLM context for analysis.