browse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow includes fetching and processing browser page content (public web content / arbitrary URLs) via the browser-control router (e.g., /browse → browser-control execution that reads the current page DOM/text), which can include outsider-authored free text that is ingested into the agent’s LLM context.