agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates and ingests arbitrary public web pages (e.g., the "agent-browser open " command in references/commands.md and the capture-workflow.sh template that runs agent-browser open "$TARGET_URL" and agent-browser get text body / snapshot -i), and those page contents are read and used to drive actions (click/fill/save state), so untrusted third-party content can materially influence agent behavior.