browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to open arbitrary URLs (core workflow: "browser-use open ") and to extract/execute page content (commands like browser-use get html, browser-use get text, browser-use eval "js code" and the CDP examples in references/cdp-python.md), so the agent will fetch and interpret untrusted public web content that can influence subsequent actions.