agent-browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs are moderately to highly suspicious because while many are benign placeholders or official docs (e.g., lightpanda.io, example.com, GitHub login), the list explicitly contains an obvious malicious domain (https://malicious.com) and several login/install endpoints that could be used for phishing or to host/serve executables—so any downloads or executables referenced should be treated as untrusted until validated.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to navigate arbitrary URLs (agent-browser open ) and to snapshot/get text from pages (snapshot -i, get text) so the agent fetches and interprets untrusted public web content that can drive further clicks/eval/actions.