browse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's run_browsing_task accepts a user-provided start_url and navigates/scrapes arbitrary public websites, causing the agent to ingest untrusted third-party (public/web user-generated) content that could carry indirect prompt injections.