open-gstack-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly launches an AI-controlled browser and instructs the agent to navigate and read live public webpages (e.g., Step 4 demo: $B goto https://news.ycombinator.com) and to use the sidebar chat to "navigate pages...and read content"—clear evidence the agent ingests untrusted, user-generated third-party web content that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The setup step may run curl -fsSL "https://bun.sh/install" to download and then execute the install script (bash "$tmpfile") at runtime if bun is missing, which fetches and runs remote code from https://bun.sh/install.