task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Phase 4 "Frontend Verify" explicitly instructs the agent to use agent-browser to open arbitrary login URLs and navigate/interact with SaaS/OAuth-protected web apps (e.g., "agent-browser open " and auth flows), so the agent will fetch and interpret untrusted third‑party web content as part of its workflow.