agent-browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly shows commands that open arbitrary URLs (e.g., "agent-browser open " and the batch example opening https://news.ycombinator.com) and describes an "AI agent loop with snapshot-driven interaction" where the agent reads page snapshots (@refs) and then fills/clicks based on that content, meaning untrusted, user-generated web content is fetched and interpreted to drive actions.