senior-qa-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly exposes the agent to untrusted third-party content via the browser-use skill (e.g., commands like "browser-use open ", "browser-use get html", "browser-use get text", and "browser-use extract ...") which navigate arbitrary public URLs and extract/site-scrape content for the agent to read and interpret.