browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's run_browser_agent and run_deep_research workflows explicitly navigate, scrape, and summarize content from public websites and arbitrary URLs (e.g., Google search results, GitHub Trending, Hacker News, and user-provided sites), meaning the agent will ingest untrusted third-party/user-generated content that could carry indirect prompt injection.