Agent Browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The GitHub URL points to a transparent code repo under a recognizable org (lower risk) but any npm/git install can run arbitrary install scripts so should be reviewed; star-swap.com is an unverified third‑party site and the skill’s instructions to connect an agent to your real Chrome profile (remote debugging/session reuse) is high‑risk because it can expose active credentials and session data—together this is a moderate-to-high risk setup.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary public URLs via "agent-browser open " and ingests page content with commands like "agent-browser snapshot --json", "agent-browser get text", and "agent-browser get html", which exposes the agent to untrusted third-party web content that could contain indirect prompt injections.