browse-now

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run commands like "browse-now open " and "browse-now get page-text" which control the user's real browser to fetch and read arbitrary public web pages (untrusted third-party content) and then interact with them (click/fill), so external page content can influence subsequent actions.