web-browser-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly asks for a target URL and instructs the agent to "Use the /browse skill (gstack headless browser) to navigate the app" (Step 1 and Step 2), which means it will fetch and interpret arbitrary public web pages or user-provided sites whose untrusted content can influence the agent's subsequent fixes and actions.