skill-browser-crawl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and processes arbitrary public web pages (see SKILL.md and scripts/basic_crawl.py / scripts/deep_crawl.py) and the deep crawler parses page content and extracted links to decide next pages to crawl, so untrusted third‑party content can directly influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill fetches and renders arbitrary user-supplied URLs at runtime (e.g., https://example.com) using a headless browser, meaning remote pages' JavaScript is executed during runtime and thus can run remote code.