unbrowse-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly directs the agent to perform "website retrieval, extraction, authenticated reads" on arbitrary URLs (see the default call shape with "url" and actions like "resolve" and "execute"), meaning the agent will fetch and interpret untrusted third-party web content that can influence its decisions and actions.