Browswer Automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md core workflow explicitly requires opening arbitrary URLs and interacting with page content via "agent-browser open " and "agent-browser snapshot", which exposes the agent to untrusted public web pages whose content it must read and act on.