cmux-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly opens and interacts with arbitrary external webpages (e.g., "cmux browser open " and snapshot/get text/get html flows in SKILL.md and references/commands.md and session-management.md, plus examples like fetching https://httpbin.org/ip), so the agent ingests untrusted, public web content and acts on it (snapshots, reads, and drives actions), enabling indirect prompt-injection from third-party pages.