autobrowse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The inner agent (scripts/evaluate.mjs) explicitly opens arbitrary/public URLs provided via task.md or free-form user input and uses browse commands like browse snapshot / browse get text body to read and act on page content as part of its decision loop (see SKILL.md and evaluate.mjs), so untrusted third‑party webpages can materially influence tool use and next actions.