Agent Browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Neither URL points to an obvious direct executable download, and the GitHub repo (vercel-labs/agent-browser) is a recognizable source (lower risk), but star-swap.com is an unaudited third‑party site and the skill’s instructions to connect a CLI to your real Chrome profile via remote debugging or to install/run an unvetted global package can expose session cookies and allow arbitrary browser automation, so together they present a moderate-to-high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "open " and use "snapshot --json" / the "Optimal AI Workflow" to observe and act on arbitrary web pages (e.g., open , snapshot, get text/html), meaning it fetches and interprets untrusted public third‑party content that could contain injected instructions.