chrome-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to open and interact with arbitrary public webpages (e.g., agent-browser --auto-connect open , get text body, snapshot -i) and includes platform-specific references for Reddit, X, LinkedIn, Dev.to and Hacker News, meaning the agent will ingest and act on untrusted, user-generated third-party content from those public sites.