cyrus-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use browser automation (claude-in-chrome or agent-browser) to navigate and scrape content from third-party web UIs (Linear, Slack, GitHub) and to extract/fill credentials as part of the setup, which exposes the agent to untrusted external web content that can influence its actions.