web-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run agent-browser open and to use snapshot to read full page text and interact with arbitrary web pages (e.g., Typical Workflow steps 1–3), which means the agent will fetch and interpret untrusted third-party web content that could contain instructions influencing its actions.