a0-browser-ext

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The "Install From Chrome Web Store" workflow explicitly downloads CRX packages from the public Chrome Web Store, extracts and inspects manifest.json and permissions, and uses that untrusted third-party content to decide installation/configuration, so external content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs downloading and extracting CRX packages from Chrome Web Store URLs (e.g. https://chromewebstore.google.com/detail/name/ and https://chrome.google.com/webstore/detail/name/) at runtime so remote extension code would be fetched and executed inside the Browser plugin, creating a direct runtime dependency that can execute untrusted code.