agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's core workflow (SKILL.md) and templates (e.g., templates/capture-workflow.sh and templates/form-automation.sh) explicitly call agent-browser open and agent-browser snapshot -i to fetch and ingest arbitrary public web pages (user-provided URLs), which the agent reads via snapshot refs and uses to drive clicks/fills and other actions—exposing it to untrusted third-party content that could contain indirect prompt-injection instructions.