navigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and code (SKILL.md AUTORUN handling of target_url plus the RECON→PLAN→EXECUTE phases and references/data-extraction.md and playwright-cdp.md) explicitly navigate to arbitrary public URLs (page.goto), scrape page content (page.evaluate, querySelectorAll, pagination) and then make navigation/form-submission decisions based on that content, so untrusted third-party webpages can materially influence agent actions.