cmux-terminal-multiplexer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Browser Automation section in SKILL.md explicitly lets the agent open arbitrary URLs (cmux --json browser open ) and then read/ snapshot/ get text/ wait for text/ find and click elements (e.g., cmux browser get text body, snapshot --interactive, wait --text, click e1), which means the agent fetches and interprets untrusted third‑party web content that can change its subsequent actions.