agentation-self-driving

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens arbitrary web pages via the agent-browser launch command ("agent-browser --headed open ") and then snapshots/evals DOM content and textContent to drive clicks, fills, and annotation decisions (see SKILL.md loop and eval/snapshot steps), meaning untrusted public web content can be read and materially influence agent actions.