agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open arbitrary URLs (agent-browser open ), take snapshots (snapshot -i) and screenshots and use the Read tool to inspect page content, and supports CDP mode to connect to a user's Chrome — all of which cause the agent to ingest and interpret untrusted/public third‑party web content.