browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflows and commands (e.g., SKILL.md "agent-browser open " and the examples in examples/inspection-workflow.md and references/cli-reference.md) explicitly fetch and inspect arbitrary public web pages and evaluate DOM/JS (snapshot, get html/text, eval, console, network requests), meaning untrusted third‑party content is read and can directly drive subsequent interactions and decisions.