agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly allows navigating arbitrary public URLs via "agent-browser open " and templates like capture-workflow.sh and form-automation.sh then call "agent-browser snapshot -i" and "agent-browser get text body" to extract page content, so the agent will ingest untrusted third‑party web content (public sites/user-provided URLs) and could be exposed to indirect prompt injection.