actionbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and inspects arbitrary public webpages (e.g., actionbook browser open , actionbook browser snapshot/text/html and examples like opening "https://github.com/notifications" and "https://arxiv.org/...") and uses that untrusted page content to drive actions (click/fill/eval), so third‑party page content can be read and materially influence subsequent automated decisions.