vibebrowser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs using vibebrowser-cli snapshot (--format ai/aria) and open to read the contents of the user's real browser tabs or arbitrary web pages (see the Deterministic runbook steps and "Common commands" snapshot/open examples), which are untrusted third‑party pages that the agent is expected to read and then use to decide/effect clicks and typing actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill invokes remote code at runtime via npx (e.g., "npx -y --package @vibebrowser/mcp vibebrowser-cli"), which downloads and executes the @vibebrowser/mcp package from the npm registry (e.g., https://registry.npmjs.org/@vibebrowser/mcp) and is required for the skill to operate, so it directly executes remote code.