browser-max-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md core loop explicitly instructs the agent to perform browser_navigate(url) and then use browser_snapshot/browser_evaluate to read and act on page DOM, meaning it will fetch and interpret arbitrary third-party web pages (open URLs) which can contain untrusted, user-generated instructions that could influence subsequent actions.