browser-use-agentcore

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts and navigates to arbitrary URLs (e.g., the command-line "url" parameter and the page.goto(...) calls in the examples) and reads page content/title/API responses (page.content(), JSON output), so it fetches and interprets untrusted public web content that could carry indirect prompt injections.