web-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly opens and scrapes arbitrary public URLs (e.g., agent-browser open , Playwright examples like visiting https://news.ycombinator.com, and templates/capture-workflow.sh) and instructs the agent to snapshot/get text and act on those page contents, so untrusted third‑party webpages can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes npx agent-browser and npx playwright at runtime, which fetch and execute packages from the npm registry (e.g. https://registry.npmjs.org/) so remote code is fetched-and-run as a required dependency.