rf-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and example test suites (SKILL.md and assets/examples/*) explicitly direct the agent to open and interact with arbitrary public URLs using New Page / Go To (e.g., https://example.com, https://the-internet.herokuapp.com, ${LOGIN_URL}), then read page content with Get Text/Get Url and branch/assert based on that content—clearly ingesting untrusted third-party web content that can influence subsequent actions.