agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow ("Open a URL" and the snapshot/interaction commands in SKILL.md) directs the agent to fetch and parse arbitrary web pages (via agent-browser open and snapshot producing an accessibility tree), so untrusted public web content could be read and directly influence subsequent interactions.