agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes this as a "Browser automation CLI" used "when the user needs to interact with websites, including navigating pages" (SKILL.md), meaning the agent will fetch and interpret arbitrary public web content which can contain untrusted, user-generated instructions.