browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill can open and navigate to arbitrary URLs (browser_open_tab/browser_navigate) and extract page content (browser_query with mode=page_text and other query modes), which exposes the agent to untrusted public web content that could carry indirect prompt injections.