agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and scrapes arbitrary public URLs (e.g., "agent-browser open " in SKILL.md and the capture-workflow.sh template which accepts a target URL and runs "agent-browser get text body"), so the agent ingests untrusted third‑party web content as part of its workflow.