next-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Tasks/Subagent section and example task_description show the skill spins up cloud browsers to visit public sites (e.g., Reddit.com) and read/interact with user-generated posts, so the agent will fetch and interpret untrusted third‑party content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill submits user-provided "task_description" to Nextbrowser's runtime API (e.g., https://app.nextbrowser.com/api/v1/chat/tasks and other https://app.nextbrowser.com/api/v1 endpoints) which runs an external subagent to execute browser actions/automation, so the external URL is used at runtime and causes remote code/agent execution.