browser-screenshot-diff

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill ingests outsider-authored free text at runtime via the RVF artifacts’ trajectory.ndjson/accessibility snapshots (e.g., screenshot_path/snapshot_path content and DOM/accessibility node text) that come from recorded sessions not authored by the operating user, which are then read into the agent’s LLM context to report diffs and findings.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's step 1 runs "npx -y ruvector@0.2.25 rvf status .rvf", which fetches and executes the ruvector@0.2.25 package from the npm registry at runtime, so it is a runtime external dependency that executes remote code.