browser-use-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open and interact with arbitrary public URLs (e.g., "browser-use open ", "remote open ", and guidance for "search the web" / "extract data from X"), meaning the agent will fetch and read untrusted third‑party web content that could carry indirect prompt injections.