cli-anything-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly includes "page open " and shows workflows using fs ls/cat/grep and act click/type against arbitrary web pages (e.g., Usage Examples and Command Groups), meaning the agent fetches and interprets untrusted public URLs/DOM content which can influence actions and enable indirect prompt injection.