browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly exposes functions that navigate to arbitrary URLs and extract or act on page content (e.g., browser_get_page_info(url, text=True, links=True) and browser_act(starting_url=...)), meaning it will fetch and interpret untrusted public web content which could contain injected instructions.