browser-work

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to an arbitrary target URL and snapshots/scrapes the page during Step 2 ("Navigate & Snapshot" of "") and then pastes the recon-derived guide (contents of $WORK_DIR/guide.md) into the Agent prompt in Step 4, so untrusted third-party page content is read and directly drives agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill may invoke remote code at runtime via npx (npx @team-attention/chromux) and suggests installing the same package (npm i -g @team-attention/chromux), which fetches and executes third‑party package code required to run chromux and thus represents a runtime external dependency that executes remote code.