chrome-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly tells the agent to open arbitrary public URLs (e.g., "agent-browser --auto-connect open "), read and evaluate page content ("get text body", "snapshot -i", "eval"), and automate interactions on user-generated platforms (see references/reddit.md, linkedin.md, x.md, devto.md, hackernews.md), so untrusted third‑party pages can be ingested and materially influence the agent's actions.