real-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill (SKILL.md Step 2 and usage examples such as "agent-browser --cdp 9851 open https://x.com" and the Login State Notes listing X, Reddit, GitHub) requires the agent to load and interact with arbitrary public websites (snapshot, read DOM, click/fill/etc.), so untrusted, user-generated third‑party content can be ingested and materially influence subsequent tool actions.