secret-sauce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's browser automation docs (references/browser-automation.md) explicitly instruct the agent to run commands like "agent-browser open " and "agent-browser snapshot" / "agent-browser get text @ref", which navigate to arbitrary public URLs and extract/interpret page content, exposing the agent to untrusted third-party webpages that could contain indirect prompt-injection instructions.