lightpanda

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and processes arbitrary public URLs (see SKILL.md quick start and scripts like fetch.cjs, interactive.cjs, semantic.cjs which call page.goto(url) and LP.get* commands), so the agent ingests untrusted third‑party web content that could influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). During provisioning, scripts/provision-runtime.sh downloads a runtime browser binary via curl from https://github.com/lightpanda-io/browser/releases/download/nightly/${BINARY_NAME} (and npm install pulls playwright-core from https://registry.npmjs.org/playwright-core/-/playwright-core-1.58.2.tgz per package-lock.json), both of which fetch remote executable code that is required by the skill and is executed at runtime.