agent-browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most entries are benign/placeholder sites (example.com, GitHub login, localhost) but the list includes an explicit malicious domain (https://malicious.com) and a third‑party binary install page (https://lightpanda.io/docs/open-source/installation) — together these make the set potentially dangerous for distributing executables unless sources are verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary external URLs and ingests page content (e.g., SKILL.md "agent-browser open " plus snapshot/get text commands and templates like templates/capture-workflow.sh and form-automation.sh) so the agent reads untrusted public web pages and uses that content to decide and perform follow-up actions.