task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Frontend Verify and Authentication sections explicitly instruct the agent to open arbitrary URLs and perform OAuth flows using agent-browser (e.g., "agent-browser open --headed", "agent-browser state save/load", and the frontend-verify workflow), which makes the agent fetch and interact with third-party web pages whose content can influence verification steps and subsequent actions.