browse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill docs (e.g., skills/browse/SKILL.md and skills/functions/SKILL.md) explicitly instruct the agent to open arbitrary external URLs (browse open / browse --ws $BROWSERBASE_CONNECT_URL open ) and include code examples that call page.goto(params.url), snapshot, and page.evaluate()—including scraping public sites like news.ycombinator.com—so untrusted, user‑generated third‑party content is fetched, interpreted, and can directly influence subsequent actions.