browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md and EXAMPLES.md explicitly instruct the agent to open arbitrary public URLs (e.g., "browse open ") and to ingest page content via commands like "browse snapshot" and "browse get text 'body'", which means untrusted third‑party web content can be read and directly influence follow-up actions (clicks, form fills, mode switches such as to Browserbase) and therefore could enable indirect prompt injection.