Skills
skills/matrixy/agent-browser-skill/agent-browser/Snyk

agent-browser

Warn

Audited by Snyk on Mar 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to open arbitrary URLs (agent-browser open ), snapshot and get page text/html (e.g., agent-browser snapshot -i --json, get html/get text), and parse refs from those live web pages (examples show navigating to https://example.com/form and identifying @e2/@e3) so untrusted public web content can be read and used to drive subsequent actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 17, 2026, 04:32 PM
Issues
1