agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to navigate and interact with arbitrary public websites and extract page content (see "Use this skill whenever the user wants to: Navigate websites and interact with pages" and commands like snapshot, eval, and agent mode), so the agent will fetch and read untrusted third‑party web content.