open-browser-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI/SDK workflows explicitly open arbitrary public URLs (e.g., SKILL.md open-tab and action-plan examples) and the SDK examples in references/sdk-and-protocol.md show navigating to a GitHub issues page and extracting page text (tab.goto("https://github.com/.../issues") and tab.playwright.locator("body").inner_text), so the agent will ingest untrusted third-party web content as part of its runtime workflow.