bun-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI explicitly navigates to arbitrary URLs and returns page content (e.g., "browse goto ", "browse text", and "browse snapshot" in SKILL.md / AGENTS.md), meaning the agent will fetch and interpret untrusted third‑party webpages and their user-generated content as part of its workflow, which could indirectly inject instructions affecting subsequent actions.