agent-browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The list is mixed — mostly benign placeholders (example.com, github.com/login, localhost, staging/prod) and documentation, but it includes an explicit malicious domain (malicious.com) and non–widely‑vetted installer links (e.g., lightpanda.io installation guidance and other third‑party sites), so downloads or executables referenced here should be treated as potentially unsafe and verified before running.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md core workflow and included templates (e.g., agent-browser open , snapshot -i, get text, and templates/capture-workflow.sh / form-automation.sh) explicitly navigate to arbitrary public URLs and ingest page content that the agent is expected to parse and act on, exposing it to untrusted third-party content that could carry indirect prompt injections.