browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Tasks and Browser Sessions features (e.g., POST to /api/v2/tasks with a "task" and optional startUrl and connecting to browsers via the returned cdpUrl/liveUrl) instruct the agent to visit and scrape arbitrary public websites and return an "output" string, meaning the agent will read untrusted third‑party web content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to https://api.browser-use.com (notably the /api/v2/tasks endpoint) to run autonomous browser tasks and an external LLM that execute remote actions/logic which the skill depends on, so this is a runtime external dependency that executes remote code.