agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to navigate and ingest arbitrary public web pages (e.g., the "agent-browser open " command in api/commands.md and the agent-mode/examples that use "agent-browser snapshot --json" and templates/ai-agent-workflow.md), so the agent will fetch and parse untrusted third‑party content as part of its workflow, enabling indirect prompt injection.