browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill intentionally browses and scrapes arbitrary public websites (e.g., the uv run browser.py auto/open commands, google-image/download-images, youtube-search/youtube-download, and tiktok-search/tiktok-download) and ingests user-generated/untrusted content from social sites and arbitrary URLs as part of its workflow, which can enable indirect prompt injection.