agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to untrusted third‑party content because the agent-browser CLI explicitly opens arbitrary public URLs via "agent-browser open " and then reads page content with commands like "snapshot" and "get text", allowing web or user-generated content to be ingested and potentially inject instructions.