agent-browser-helper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly launches a local Chrome instance for use with agent-browser and the SKILL.md shows runtime commands like "agent-browser open --cdp 9222" and guidance to "browse sites with bot detection (login flows, scraping)," which means the agent will fetch and interact with arbitrary public/untrusted web pages (via the CDP port started by scripts/chrome.sh) and can be influenced by their content.