browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly exposes the agent to arbitrary web pages via browser_navigate and browser_extract (which auto-scrolls and collects page data), meaning the agent will ingest untrusted public web content whose text could influence subsequent browser_act decisions.