run-agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s core workflow (SKILL.md and the provided templates like templates/ai-agent-workflow.sh and templates/capture-workflow.sh) explicitly instructs the agent to open arbitrary URLs (agent-browser open "") and to read/parse page content (snapshot -i, get text, eval) so untrusted public web content can directly influence subsequent actions.