agentcore

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md core workflow and examples explicitly instruct the agent to open arbitrary web pages (e.g., "agent-browser -p agentcore open https://example.com") and then perform interactive actions like click/fill/snapshot, meaning the agent will fetch and act on untrusted third‑party web content (websites) that could carry indirect prompt-injection instructions.