cmux

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes a full browser subsystem that explicitly navigates to arbitrary URLs and scrapes/evaluates page content (e.g., "cmux browser open/navigate/goto ", "browser eval", "browser wait --selector", and the "Browser Automation: Scrape Content" example in references/cmux-reference.md), which exposes the agent to untrusted public web content that could influence actions.