agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's core workflow in SKILL.md requires running agent-browser open and snapshot -i (and the provided templates like templates/capture-workflow.sh and templates/form-automation.sh pass arbitrary URLs) which clearly fetches and ingests open/public webpages (untrusted, user-generated content) that the agent is expected to read and act on (click/fill/eval), so third-party page content can materially influence subsequent tool actions.