glmv-web-replication

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open and recursively explore arbitrary public websites (e.g., "agent-browser open " and "Recursively explore every public page" in SKILL.md), download assets, and interact with page content so the agent must read and act on untrusted third‑party web content which can influence navigation and actions.