browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly directs the agent to navigate to arbitrary URLs with browser_navigate and then read/interpret page content via browser_snapshot and browser_evaluate (e.g., extracting data, finding refs, clicking "Next"), meaning the agent will ingest and act on untrusted public web pages that could contain malicious or instruction-bearing content.