agent-browser-2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill's SKILL.md shows the agent using agent-browser open and snapshot -i --json (e.g., "agent-browser open https://www.google.com" and subsequent snapshots/gets) to fetch and parse arbitrary public webpages, meaning the agent ingests untrusted third-party web content and acts on it (click/fill/get), enabling indirect prompt injection.