lightpanda-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly fetches and renders arbitrary public web pages (see SKILL.md and references/cli.md "fetch" examples) and the runtime scripts (scripts/run-lightpanda.js and scripts/run-cdp-task.js) pass user-supplied URLs into Lightpanda/CDP and task files (page.goto), so untrusted third‑party content is ingested and can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill can at runtime rely on and connect to remote cloud endpoints (e.g. wss://euwest.cloud.lightpanda.io/ws?token=TOKEN and https://euwest.cloud.lightpanda.io/mcp/sse?token=TOKEN) or pull and run the Docker image lightpanda/browser:nightly, both of which fetch and execute remote code used by the runtime.