browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary web URLs (see SKILL.md "navigate" example) and the run.py actions (navigate + snapshot) fetch and return page content/DOM text from public sites, which the agent reads and can base follow-up interactions on, exposing it to untrusted third‑party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill spawns "npx -y @playwright/mcp@latest" at runtime (which fetches and executes remote code from the npm registry, e.g. https://registry.npmjs.org/@playwright/mcp) and that fetched package is required for the skill to operate, so it is a runtime external dependency that executes remote code.