qe-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously navigates to and evaluates public web pages (e.g., via vibium go to pinned URLs like https://httpbin.org/... and https://vibiumdev.github.io/... and the local fixtures server) and its scripts (check-injection.js, intent-score.js, assert.js via vibiumEvalStdin/vibiumJson) read and act on untrusted page DOM/text, so third‑party content can materially influence selector discovery, assertions, and subsequent tool actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes explicit instructions to run sudo apt-get install (requesting elevated privileges to modify system packages), which asks the agent/user to obtain sudo rights and thus can change machine state.