browser-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary public web pages (e.g., agent-browser and agent-browser examples like "https://x.com/username/status/...", "https://reddit.com/...", and actionbook recipes such as actionbook get reddit/github) so the agent will read untrusted, user-generated third-party content as part of its workflow, enabling indirect prompt injection.