browser-use-cloud

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to visit arbitrary external URLs (e.g., "Go to " and the "Common Pattern: Instagram Carousel") and "VISUALLY READ any text shown in the image and transcribe it exactly," meaning it fetches and ingests untrusted user-generated social/web content that could contain instructions influencing agent behavior.