cmux

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's browser automation (e.g., "cmux --json browser open " and the commands in references/browser.md and SKILL.md like get url, snapshot, get text|html, eval, click, fill) explicitly fetches and reads arbitrary public URLs and DOM content and uses that content to decide and drive further actions, exposing the agent to untrusted third-party content that could enable indirect prompt injection.