agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly wraps a headless browser and instructs the agent to "open ", "snapshot", and "get text" (see SKILL.md and README.md examples like agent-browser open google.com, agent-browser snapshot -i, and agent-browser get text @e1), which causes the agent to fetch and interpret arbitrary public web pages whose user-generated/untrusted content could influence subsequent actions.