agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and examples (e.g., examples/quick-start/quick-start.md and api/commands.md) explicitly instruct the agent to "open " and run "snapshot"/"get content" against arbitrary public websites (e.g., news.ycombinator.com), so the agent fetches and interprets untrusted third-party page content which can materially influence subsequent clicks/fills/eval actions.