agent-browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The list includes an explicit malicious domain (https://malicious.com) and several ambiguous/untrusted hosts (non-official or placeholder/app subdomains) that could be used to serve installers, so despite some benign entries (docs, GitHub login), the presence of a known malicious site and multiple unverified domains makes the set suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary URLs and ingests page content (e.g., "agent-browser open ", "agent-browser snapshot -i", "agent-browser get text body") as shown in SKILL.md and templates/capture-workflow.sh, so it will read and act on untrusted public web pages which can materially influence subsequent tool actions.