wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill is described as operating on the user-opened browser page and detecting playback sources, which implies it may ingest page body text (public web content authored by others) into the agent’s LLM context at runtime via browser/page extraction.