agent-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md core workflow and templates (e.g., "Navigate: agent-browser open " in SKILL.md and templates/capture-workflow.sh which runs agent-browser open then snapshot/get text body) show the agent fetches and parses arbitrary public web pages and snapshots (untrusted, user-generated content) and uses that content to drive interactions and subsequent actions, allowing indirect prompt injection.