browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's CLI explicitly navigates to arbitrary URLs and extracts page content (e.g., "open ", "snapshot -i", "get text @e1") and is described for web scraping and content capture, meaning it ingests untrusted public web content (websites/forums/social media) into the agent's workflow.