agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Core Workflow and Key Commands (e.g., "agent-browser open ", "snapshot -i --json", "get text/get html") explicitly show the agent opens arbitrary public URLs and parses their content, meaning untrusted third-party webpages can be read and directly influence subsequent actions.