browser-automation-notte

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly exposes endpoints that fetch and scrape arbitrary public URLs (e.g., "Scrape Webpage" /scrape, "Scrape Page" /sessions/{session_id}/page/scrape, and "Start Agent" /agents/start with a starting URL and autonomous browsing tasks), which means the agent will read and act on untrusted third‑party web content that could contain injected instructions.