agent-browser

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs include an explicit malicious domain (malicious.com), third‑party installation pages that may instruct downloading binaries (lightpanda.io), and several untrusted/placeholder domains — indicating the set contains potential download vectors for malware and warrants caution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens arbitrary URLs (e.g., "agent-browser open " in SKILL.md) and ingests page content via snapshot/get text commands (see "Data Extraction", "Snapshot", and the capture/form automation templates), and that page-derived content is used to drive subsequent interactions, so untrusted third‑party pages could inject instructions that influence agent actions.