moai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The e2e workflow clearly instructs the agent to navigate and interact with arbitrary web pages (e.g., workflows/e2e.md: Agent Browser "autonomously explores and interacts with web pages", --url flag, and Claude-in-Chrome MCP calls like mcp__claude-in-chrome__read_page/get_page_text), meaning it will fetch and interpret untrusted third-party page content which can directly influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The E2E workflow includes runtime installation commands that fetch and run third‑party tooling (e.g., npm/npx installs for agent-browser), so the referenced repository https://github.com/vercel-labs/agent-browser can result in remote code being fetched and executed during skill runtime.