dev-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill automates browsing and scraping of arbitrary public websites and APIs (e.g., page.goto, client.getAISnapshot/selectSnapshotRef, page.evaluate(fetch) and the scraping guide references/scraping.md that captures responses and replays API requests, plus FlareSolverr solveUrl/bypassCloudflare), so the agent will fetch and read untrusted third‑party web content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill auto-enables "stealth" anti-detection and Cloudflare-bypass features and auto-installs packages / starts Docker containers, which instructs the agent to evade remote security protections and modify the host environment rather than staying read-only.