browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to and ingests arbitrary public web pages (e.g., SKILL.md "Navigate to target URL" / Agent Loop and Operations like "snapshot", "extract", "search_page", and "webmcp_discover"/"webmcp_call"), so untrusted third‑party page content and WebMCP-declared tools are read and used to decide and drive subsequent actions.