illustration-ideas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to open and snapshot arbitrary URLs (e.g., the "agent-browser open " and associated snapshot/get text/html commands) and to "carefully review the full content of the article/page," meaning it ingests untrusted third-party web content provided by users.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch and ingest arbitrary user-supplied URLs (via commands like "agent-browser open " / "agent-browser get text @eX"), so external content from the provided can directly control the model's prompts and output.