kernel-agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open arbitrary public websites (e.g., using "agent-browser -p kernel open "), take snapshots and read page content ("agent-browser -p kernel snapshot -i", wait --text, get url), and create site-specific skills for public domains (examples: kroger.com, amazon.com), so it ingests and interprets untrusted third‑party web content.