browse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly navigates to arbitrary URLs and ingests page content (e.g., SKILL.md and references/commands.md show use of "browse goto ", "browse text", "browse snapshot -i", and running JS against loaded pages), so it fetches untrusted public web content and uses that content to drive interactions and decisions in the agent workflow.