reflex-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open and summarize arbitrary target web pages (e.g., "reflex browser open """ and the required "Discovery Before Capability Audits" / summary workflow, plus examples like books-to-scrape and careers-to-xlsx) — it therefore fetches and interprets untrusted public web content (page summaries/refs/attributes) that directly drives subsequent clicks, selector choices, and actions.