automating-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's command reference and workflow (e.g., references/AGENT-COMMANDS.md and references/AGENT-EXAMPLES.md) explicitly instruct the agent to open arbitrary URLs (open ) and to snapshot/get text/eval page content and then act on those refs, meaning it fetches and interprets untrusted public web content as part of its automated decision/interaction flow.