web-prototype

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes arbitrary user-provided public web pages (via Chrome automation calls like mcp__Claude_in_Chrome__navigate, mcp__Claude_in_Chrome__read_page and JS extraction, and a WebFetch fallback) as described in Phase 1 and references/extraction-scripts.md, and the agent is required to interpret that untrusted third‑party content to drive building decisions for the prototype.