steel-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and command references (e.g., commands like "steel browser open ", "steel browser get text", "steel browser get html", and "steel browser wait --text" in references/steel-browser-commands.md and SKILL.md) explicitly direct the agent to fetch and interpret arbitrary public URLs and page content, which is untrusted third-party content that can influence subsequent actions.