browserless
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and renders arbitrary public web pages (e.g., via the /scrape, /content, /function, /export endpoints) — including examples like news.ycombinator.com — so it ingests untrusted third-party content that could carry indirect prompt-injection instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime calls to production-sfo.browserless.io (e.g., the /function endpoint) which executes submitted JavaScript on the remote service, so this external URL is used at runtime to execute remote code and is a required dependency.