browser-auth-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly drives and inspects an arbitrary site's live authentication flow (Steps 2–3 in SKILL.md: using browser-record/browser-login, monitoring browser_get-url, inspecting login POSTs and document.cookie via browser_eval), so it fetches and interprets untrusted third-party web content that can materially influence probe actions.