cmux

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes a full browser subsystem (see SKILL.md and references/cmux-reference.md) with commands like browser open/browser navigate/browser eval/browser get/browser wait that navigate to arbitrary URLs and extract or evaluate page content, so the agent will fetch and interpret untrusted public web pages which could embed instructions affecting subsequent actions.