review-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to open and test arbitrary provided URLs using agent-browser ("Use agent-browser to open the {URL(s)} in {Mode}" and the Arguments section listing "URL(s): The URL of the web page to open and review"), so the agent will fetch and interpret untrusted public web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the external "agent-browser" package at runtime (via "npm install -g agent-browser" and "agent-browser install" which downloads Chromium), which fetches and executes remote code from the npm registry and remote Chromium download URLs and is therefore a required runtime dependency that executes remote code.