browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill can navigate to arbitrary public URLs and capture/inspect page content and DOM (see SKILL.md navigate/snapshot examples) and the run.py handlers (navigate, snapshot, evaluate, run_code, pipeline) ingest and act on that untrusted third‑party web content, so page-provided instructions could influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill spawns "npx -y @playwright/mcp@latest --extension" at runtime, which downloads and executes remote npm package code (https://www.npmjs.com/package/@playwright/mcp), and this fetched code is required for the skill to operate and runs remotely—constituting a runtime external dependency that executes remote code.