browse-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running Browse AI robots (e.g., "Run Task", "Run Bulk Tasks", "Run Monitor") and retrieving task results via the Membrane proxy, which scrapes public websites and returns untrusted third-party content that the agent would read and could influence subsequent actions.