bridgic-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly automates browsing arbitrary public websites (SKILL.md) and provides CLI commands like open/search and snapshot/get_snapshot_text (references/cli-guide.md and sdk-guide.md) — including explicit mention of scraping social media (Twitter/X, Weibo) — and the agent is expected to read those snapshots and drive clicks/fills/decisions based on page content, which exposes it to untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The provided install script will fetch and execute remote installer code during setup (curl -LsSf https://astral.sh/uv/install.sh | sh on Unix and irm https://astral.sh/uv/install.ps1 | iex on Windows), which downloads and runs remote code as part of installing the required uv dependency, so it constitutes a runtime-executed external dependency.