vercel-agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and interacts with arbitrary public web pages (e.g., "agent-browser open https://news.ycombinator.com", "agent-browser open https://github.com/login"), uses snapshots/eval to read page content and refs, and includes an AI chat mode and batch automation that act on that page-derived content—so untrusted third-party web content can be ingested and materially influence subsequent agent actions.