browse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly exposes the agent to arbitrary public web content via commands like "browse goto " and subsequent extraction/interaction commands ("browse text", "browse html", "browse js", "click", "fill", "chain") which cause the agent to read and act on untrusted third‑party pages whose content could steer follow‑up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's setup instructs running "curl -fsSL https://bun.sh/install | bash", which fetches and immediately executes a remote install script at https://bun.sh/install during installation (required if bun is not present) — this executes remote code and thus is a runtime installation-time dependency risk.